Vulnerabilities > Craftercms > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-27 CVE-2017-15686 Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.
network
craftercms CWE-79
4.3
2020-11-27 CVE-2017-15685 XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE).
network
low complexity
craftercms CWE-91
5.0
2020-11-27 CVE-2017-15684 Path Traversal vulnerability in Craftercms Crafter CMS 3.0.0
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
network
low complexity
craftercms CWE-22
5.0
2020-11-27 CVE-2017-15683 XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
network
low complexity
craftercms CWE-91
5.0
2020-11-27 CVE-2017-15682 Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
network
craftercms CWE-79
4.3
2020-11-27 CVE-2017-15680 Missing Authorization vulnerability in Craftercms Crafter CMS 3.0.0
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
network
low complexity
craftercms CWE-862
6.4