Vulnerabilities > Craftcms > Craft CMS > 3.1.32.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-17496 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 3.3.8 has stored XSS via a name field. | 6.1 |
| 2019-07-26 | CVE-2019-14280 | Information Exposure vulnerability in Craftcms Craft CMS In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public. | 5.3 |