Vulnerabilities > Neos

DATE CVE VULNERABILITY TITLE RISK
2023-09-18 CVE-2023-37611 Cross-site Scripting vulnerability in Neos CMS 8.3.3
Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component.
network
low complexity
neos CWE-79
5.4
2022-06-02 CVE-2022-30429 Cross-site Scripting vulnerability in Neos CMS
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title.
network
neos CWE-79
3.5
2021-06-21 CVE-2021-32697 Improper Input Validation vulnerability in Neos Form
neos/forms is an open source framework to build web forms.
network
low complexity
neos CWE-20
5.0