RSS   Podatności dla 'Craft cms'   RSS

2022-04-03
 
CVE-2022-28378

CWE-79
 

 
Craft CMS before 3.7.29 allows XSS.

 
2021-06-30
 
CVE-2021-27902

CWE-79
 

 
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.

 
 
CVE-2021-27903

CWE-94
 

 
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

 
2021-05-07
 
CVE-2021-32470

CWE-79
 

 
Craft CMS before 3.6.13 has an XSS vulnerability.

 
2021-03-26
 
CVE-2020-19626

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

 
2020-03-04
 
CVE-2020-9757

CWE-74
 

 
The Seomatic component before 3.2.46 for Craft CMS allows Server-Side Template Injection and information disclosure via malformed data to the metacontainers controller.

 
2019-12-31
 
CVE-2019-9554

CWE-79
 

 
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.

 
2019-10-10
 
CVE-2019-17496

CWE-79
 

 
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.

 
2019-07-26
 
CVE-2019-14280

CWE-200
 

 
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

 
2019-06-18
 
CVE-2019-12823

CWE-79
 

 
Craft CMS 3.1.30 has XSS.

 


Copyright 2024, cxsecurity.com

 

Back to Top