Known Vulnerabilities for products from Craftcms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Craftcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-21622 | | 8.8 - HIGH | 2024-01-03 | 2024-01-10 |
| CVE-2023-41892 | Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running ... | 9.8 - CRITICAL | 2023-09-13 | 2023-09-19 |
| CVE-2023-40035 | Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to... | 7.2 - HIGH | 2023-08-23 | 2023-08-29 |
| CVE-2023-36260 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2024-01-30 | 2024-02-05 |
| CVE-2023-36259 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2024-01-30 | 2024-02-05 |
| CVE-2023-33495 | Craft CMS through 4.4.9 is vulnerable to HTML Injection. | 6.1 - MEDIUM | 2023-06-20 | 2023-11-07 |
| CVE-2023-33197 | Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update... | 5.4 - MEDIUM | 2023-05-26 | 2023-06-01 |
| CVE-2023-33196 | Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This i... | 5.4 - MEDIUM | 2023-05-26 | 2023-06-02 |
| CVE-2023-33195 | Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issu... | 6.1 - MEDIUM | 2023-05-27 | 2023-06-02 |
| CVE-2023-33194 | Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Qui... | 4.8 - MEDIUM | 2023-05-26 | 2023-06-02 |
| CVE-2023-32679 | Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may l... | 7.2 - HIGH | 2023-05-19 | 2023-05-26 |
| CVE-2023-31144 | Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title ... | 6.1 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-30179 | ** DISPUTED ** CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can ... | 7.2 - HIGH | 2023-06-13 | 2023-11-07 |
| CVE-2023-30177 | CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | 6.1 - MEDIUM | 2023-04-25 | 2023-05-04 |
| CVE-2023-30130 | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section par... | 8.8 - HIGH | 2023-05-12 | 2023-05-22 |
| CVE-2023-23927 | Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entr... | 5.4 - MEDIUM | 2023-03-03 | 2023-11-07 |
| CVE-2023-2817 | A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including scrip... | 5.4 - MEDIUM | 2023-05-26 | 2023-11-07 |
| CVE-2022-37783 | All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address... | 7.5 - HIGH | 2022-12-05 | 2023-08-08 |
| CVE-2022-37251 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | 5.4 - MEDIUM | 2022-09-16 | 2022-09-21 |
| CVE-2022-37250 | Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. | 5.4 - MEDIUM | 2022-09-16 | 2022-09-17 |
Known software with vulnerabilities from Craftcms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Craftcms | Craft Cms | 0.9.0 |