Vulnerabilities > Craftercms > Crafter CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-27 | CVE-2017-15683 | XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0 In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | 8.6 |
| 2018-12-06 | CVE-2018-19907 | OS Command Injection vulnerability in Craftercms Crafter CMS A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. | 8.8 |