Vulnerabilities > Craftercms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-4136 | Cross-site Scripting vulnerability in Craftercms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. | 6.1 |
| 2023-05-26 | CVE-2023-33194 | Cross-site Scripting vulnerability in multiple products Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. | 4.8 |
| 2022-05-16 | CVE-2021-23265 | Unspecified vulnerability in Craftercms Crafter CMS A logged-in and authenticated user with a Reviewer Role may lock a content item. | 4.3 |
| 2022-05-16 | CVE-2021-23266 | Improper Encoding or Escaping of Output vulnerability in Craftercms Crafter CMS An anonymous user can craft a URL with text that ends up in the log viewer as is. | 4.3 |
| 2021-12-02 | CVE-2021-23260 | Cross-site Scripting vulnerability in Craftercms Crafter CMS Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | 5.4 |
| 2021-12-02 | CVE-2021-23261 | Unspecified vulnerability in Craftercms Crafter CMS Authenticated administrators may override the system configuration file and cause a denial of service. | 4.9 |
| 2020-11-27 | CVE-2017-15686 | Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0 Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies. | 6.1 |
| 2020-11-27 | CVE-2017-15682 | Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0 In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. | 6.1 |
| 2020-11-27 | CVE-2017-15680 | Missing Authorization vulnerability in Craftercms Crafter CMS 3.0.0 In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. | 6.5 |