Known Vulnerabilities for products from Magnolia-cms
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Magnolia-cms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-33098 json | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This... | 6.1 - MEDIUM | 2022-07-07 | 2022-07-15 |
| CVE-2021-46366 json | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability a... | 8.8 - HIGH | 2022-02-11 | 2022-07-12 |
| CVE-2021-46365 json | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a cr... | 7.8 - HIGH | 2022-02-11 | 2022-04-19 |
| CVE-2021-46364 json | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a cr... | 7.8 - HIGH | 2022-02-11 | 2022-03-29 |
| CVE-2021-46363 json | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafte... | 7.8 - HIGH | 2022-02-11 | 2022-06-05 |
| CVE-2021-46362 json | A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and... | 9.8 - CRITICAL | 2022-02-11 | 2023-08-08 |
| CVE-2021-46361 json | An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execut... | 9.8 - CRITICAL | 2022-02-11 | 2022-02-22 |
| CVE-2021-25894 json | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/mem... | 6.1 - MEDIUM | 2021-04-02 | 2021-04-15 |
| CVE-2021-25893 json | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magn... | 5.4 - MEDIUM | 2021-04-02 | 2021-04-15 |
| CVE-2013-4759 json | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Mag... | Not Provided | 2013-08-09 | 2026-04-29 |
Known software with vulnerabilities from Magnolia-cms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Magnolia-cms | Magnolia Cms | 4.5.7 |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.7 |