4.2.8

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-18	CVE-2025-23209	Code Injection vulnerability in Craftcms Craft CMS Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. network high complexity craftcms CWE-94	8.1
2024-11-13	CVE-2024-52291	Unspecified vulnerability in Craftcms Craft CMS Craft is a content management system (CMS). network low complexity craftcms	7.2
2024-11-13	CVE-2024-52292	Unspecified vulnerability in Craftcms Craft CMS Craft is a content management system (CMS). network low complexity craftcms	6.5
2024-11-13	CVE-2024-52293	Unspecified vulnerability in Craftcms Craft CMS Craft is a content management system (CMS). network low complexity craftcms	7.2
2024-01-30	CVE-2023-36260	Injection vulnerability in Craftcms Craft CMS An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. network low complexity craftcms CWE-74	7.5
2024-01-03	CVE-2024-21622	Unspecified vulnerability in Craftcms Craft CMS Craft is a content management system. network low complexity craftcms	8.8
2023-08-23	CVE-2023-40035	Unspecified vulnerability in Craftcms Craft CMS Craft is a CMS for creating custom digital experiences on the web and beyond. network low complexity craftcms	7.2
2023-06-20	CVE-2023-33495	Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS through 4.4.9 is vulnerable to HTML Injection. network low complexity craftcms CWE-79	6.1
2023-05-26	CVE-2023-33194	Cross-site Scripting vulnerability in multiple products Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. network low complexity craftcms craftercms CWE-79	4.8
2023-05-26	CVE-2023-33196	Cross-site Scripting vulnerability in Craftcms Craft CMS Craft is a CMS for creating custom digital experiences. network low complexity craftcms CWE-79	5.4