Vulnerabilities > Craftcms > Craft CMS > Low

DATE CVE VULNERABILITY TITLE RISK
2021-03-26 CVE-2020-19626 Cross-site Scripting vulnerability in Craftcms Craft CMS 3.1.31
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
network
craftcms CWE-79
3.5
2018-12-24 CVE-2018-20418 Cross-site Scripting vulnerability in Craftcms Craft CMS 3.0.25
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
network
craftcms CWE-79
3.5
2017-06-08 CVE-2017-9516 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
network
craftcms CWE-79
3.5