Vulnerabilities > Craftcms > Craft CMS > 3.6.5

DATE CVE VULNERABILITY TITLE RISK
2022-05-09 CVE-2022-29933 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality.
network
craftcms CWE-640
6.8
2022-04-03 CVE-2022-28378 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS before 3.7.29 allows XSS.
network
craftcms CWE-79
4.3
2021-09-30 CVE-2021-41824 Improper Neutralization of Formula Elements in a CSV File vulnerability in Craftcms Craft CMS
Craft CMS before 3.7.14 allows CSV injection.
network
craftcms CWE-1236
6.8
2021-06-30 CVE-2021-27903 Missing Authorization vulnerability in Craftcms Craft CMS
An issue was discovered in Craft CMS before 3.6.7.
network
low complexity
craftcms CWE-862
7.5