Vulnerabilities for 'Craft cms'

2022-04-03
 
CVE-2022-28378

CWE-79
 

 
Craft CMS before 3.7.29 allows XSS.

 
2021-06-30
 
CVE-2021-27902

CWE-79
 

 
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.

 
 
CVE-2021-27903

CWE-94
 

 
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

 
2021-05-07
 
CVE-2021-32470

CWE-79
 

 
Craft CMS before 3.6.13 has an XSS vulnerability.

 
2021-03-26
 
CVE-2020-19626

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

 
2020-03-04
 
CVE-2020-9757

CWE-74
 

 
The Seomatic component before 3.2.46 for Craft CMS allows Server-Side Template Injection and information disclosure via malformed data to the metacontainers controller.

 
2019-12-31
 
CVE-2019-9554

CWE-79
 

 
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.

 
2019-10-10
 
CVE-2019-17496

CWE-79
 

 
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.

 
2019-07-26
 
CVE-2019-14280

CWE-200
 

 
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

 
2019-06-18
 
CVE-2019-12823

CWE-79
 

 
Craft CMS 3.1.30 has XSS.

 


Copyright 2024, cxsecurity.com

 
