Vulnerabilities > Craftcms > Craft CMS > 2.3.2617
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-01 | CVE-2017-8384 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. | 6.1 |
| 2017-05-01 | CVE-2017-8383 | Unspecified vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. | 5.3 |
| 2017-04-22 | CVE-2017-8052 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2974 allows XSS attacks. | 6.1 |