Vulnerabilities > Magnolia CMS > Magnolia CMS > 6.2.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-46361 | Unspecified vulnerability in Magnolia-Cms Magnolia CMS An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | 7.5 |
| 2022-02-11 | CVE-2021-46362 | Code Injection vulnerability in Magnolia-Cms Magnolia CMS A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | 9.8 |
| 2022-02-11 | CVE-2021-46363 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Magnolia-Cms Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. | 9.3 |
| 2022-02-11 | CVE-2021-46364 | Deserialization of Untrusted Data vulnerability in Magnolia-Cms Magnolia CMS A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | 6.8 |
| 2022-02-11 | CVE-2021-46365 | XXE vulnerability in Magnolia-Cms Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | 6.8 |
| 2022-02-11 | CVE-2021-46366 | Open Redirect vulnerability in Magnolia-Cms Magnolia CMS An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | 6.8 |
| 2021-04-02 | CVE-2021-25894 | Cross-site Scripting vulnerability in Magnolia-Cms Magnolia CMS Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | 4.3 |
| 2021-04-02 | CVE-2021-25893 | Cross-site Scripting vulnerability in Magnolia-Cms Magnolia CMS Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | 3.5 |