Vulnerabilities > Magnolia CMS

DATE | CVE | VULNERABILITY TITLE | RISK

2022-07-07 | CVE-2022-33098 | Cross-site Scripting vulnerability in Magnolia-Cms Magnolia CMS 6.2.19 | 4.3
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function.

2022-02-11 | CVE-2021-46361 | Unspecified vulnerability in Magnolia-Cms Magnolia CMS | 7.5
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
network; low complexity; magnolia-cms

2022-02-11 | CVE-2021-46362 | Code Injection vulnerability in Magnolia-Cms Magnolia CMS | 9.8
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
network; low complexity; magnolia-cms; CWE-94; critical

2022-02-11 | CVE-2021-46363 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Magnolia-Cms Magnolia CMS | 9.3
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files.
network; magnolia-cms; CWE-1236; critical

2022-02-11 | CVE-2021-46364 | Deserialization of Untrusted Data vulnerability in Magnolia-Cms Magnolia CMS | 6.8
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.

2022-02-11 | CVE-2021-46365 | XXE vulnerability in Magnolia-Cms Magnolia CMS | 6.8
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.

2022-02-11 | CVE-2021-46366 | Open Redirect vulnerability in Magnolia-Cms Magnolia CMS | 6.8
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.

2021-04-02 | CVE-2021-25894 | Cross-site Scripting vulnerability in Magnolia-Cms Magnolia CMS | 4.3
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.

2021-04-02 | CVE-2021-25893 | Cross-site Scripting vulnerability in Magnolia-Cms Magnolia CMS | 3.5
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.

2013-08-09 | CVE-2013-4759 | Cross-Site Scripting vulnerability in Magnolia-Cms Magnolia Form Module | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.