Vulnerabilities > Craftcms > Craft CMS > 2.6.2962

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2023-36259 Cross-site Scripting vulnerability in Craftcms Craft CMS
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
network
low complexity
craftcms CWE-79
5.4
5.4
2024-01-30 CVE-2023-36260 Injection vulnerability in Craftcms Craft CMS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS.
network
low complexity
craftcms CWE-74
7.5
7.5
2023-06-20 CVE-2023-33495 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
network
low complexity
craftcms CWE-79
6.1
6.1
2023-05-26 CVE-2023-33197 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft is a CMS for creating custom digital experiences on the web.
network
low complexity
craftcms CWE-79
5.4
5.4
2023-05-26 CVE-2023-2817 Cross-site Scripting vulnerability in Craftcms Craft CMS
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11.
network
low complexity
craftcms CWE-79
5.4
5.4
2023-03-03 CVE-2023-23927 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft is a platform for creating digital experiences.
network
low complexity
craftcms CWE-79
5.4
5.4
2022-05-09 CVE-2022-29933 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality.
network
craftcms CWE-640
6.8
6.8
2022-04-03 CVE-2022-28378 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS before 3.7.29 allows XSS.
network
craftcms CWE-79
4.3
4.3
2021-06-30 CVE-2021-27902 Cross-site Scripting vulnerability in Craftcms Craft CMS
An issue was discovered in Craft CMS before 3.6.0.
network
craftcms CWE-79
4.3
4.3
2021-06-30 CVE-2021-27903 Missing Authorization vulnerability in Craftcms Craft CMS
An issue was discovered in Craft CMS before 3.6.7.
network
low complexity
craftcms CWE-862
7.5
7.5