Vulnerabilities > Craftercms > Crafter CMS > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-16 | CVE-2021-23265 | Unspecified vulnerability in Craftercms Crafter CMS. A logged-in and authenticated user with a Reviewer Role may lock a content item. | 4.3 |
2022-05-16 | CVE-2021-23266 | Improper Encoding or Escaping of Output vulnerability in Craftercms Crafter CMS. An anonymous user can craft a URL with text that ends up in the log viewer as is. | 4.3 |
2021-12-02 | CVE-2021-23260 | Cross-site Scripting vulnerability in Craftercms Crafter CMS. Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | 5.4 |
2021-12-02 | CVE-2021-23261 | Unspecified vulnerability in Craftercms Crafter CMS. Authenticated administrators may override the system configuration file and cause a denial of service. | 4.9 |
2020-11-27 | CVE-2017-15686 | Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0. Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies. | 6.1 |
2020-11-27 | CVE-2017-15682 | Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0. In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. | 6.1 |
2020-11-27 | CVE-2017-15680 | Missing Authorization vulnerability in Craftercms Crafter CMS 3.0.0. In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. | 6.5 |