Vulnerabilities > Craftcms

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-31144 Unspecified vulnerability in Craftcms Craft CMS
Craft CMS is a content management system.
network
low complexity
craftcms
6.1
2023-04-25 CVE-2023-30177 Cross-site Scripting vulnerability in Craftcms Craft CMS 3.7.59
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS).
network
low complexity
craftcms CWE-79
6.1
2023-03-03 CVE-2023-23927 Unspecified vulnerability in Craftcms Craft CMS
Craft is a platform for creating digital experiences.
network
low complexity
craftcms
5.4
2022-12-05 CVE-2022-37783 Insufficiently Protected Credentials vulnerability in Craftcms Craft CMS
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens.
network
low complexity
craftcms CWE-522
7.5
2022-09-21 CVE-2022-37246 Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.
network
low complexity
craftcms CWE-79
5.4
2022-09-16 CVE-2022-37247 Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
network
low complexity
craftcms CWE-79
5.4
2022-09-16 CVE-2022-37251 Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
network
low complexity
craftcms CWE-79
5.4
2022-09-16 CVE-2022-37248 Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
network
low complexity
craftcms CWE-79
5.4
2022-09-16 CVE-2022-37250 Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
network
low complexity
craftcms CWE-79
5.4
2022-05-09 CVE-2022-29933 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality.
network
low complexity
craftcms CWE-640
8.8