CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-15685

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 83.9%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 5.0

References

http://crafter.com
https://docs.craftercms.org/en/3.0/security/advisory.html
http://crafter.com
https://docs.craftercms.org/en/3.0/security/advisory.html

Products affected by CVE-2017-15685

Craftercms » Crafter Cms » Version: 3.0.0

cpe:2.3:a:craftercms:crafter_cms:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-15685

Products

Pricing

Contact Us