Vulnerabilities > Craftcms

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-40035 Injection vulnerability in Craftcms Craft CMS
Craft is a CMS for creating custom digital experiences on the web and beyond.
network
low complexity
craftcms CWE-74
7.2
2023-06-20 CVE-2023-33495 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
network
low complexity
craftcms CWE-79
6.1
2023-06-13 CVE-2023-30179 Code Injection vulnerability in Craftcms Craft CMS 3.7.59
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI).
network
low complexity
craftcms CWE-94
7.2
2023-05-27 CVE-2023-33195 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft is a CMS for creating custom digital experiences on the web.
network
low complexity
craftcms CWE-79
6.1
2023-05-26 CVE-2023-33194 Cross-site Scripting vulnerability in multiple products
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload.
network
low complexity
craftcms craftercms CWE-79
4.8
2023-05-26 CVE-2023-33196 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft is a CMS for creating custom digital experiences.
network
low complexity
craftcms CWE-79
5.4
2023-05-26 CVE-2023-33197 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft is a CMS for creating custom digital experiences on the web.
network
low complexity
craftcms CWE-79
5.4
2023-05-26 CVE-2023-2817 Cross-site Scripting vulnerability in Craftcms Craft CMS
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11.
network
low complexity
craftcms CWE-79
5.4
2023-05-19 CVE-2023-32679 Injection vulnerability in Craftcms Craft CMS
Craft CMS is an open source content management system.
network
low complexity
craftcms CWE-74
7.2
2023-05-12 CVE-2023-30130 Code Injection vulnerability in Craftcms Craft CMS 3.8.1
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
network
low complexity
craftcms CWE-94
8.8