Craftercms: Crafter CMS Security Vulnerabilities
Authenticated administrators may modify the main YAML configuration file and load a Java class, resulting in RCE.
CVSS Score: 4.2 | EPSS Score: 0.005 | Published: 2021-12-02

Unauthenticated remote attackers can read textual (non-binary) content via FreeMarker, including files under /scripts/*, /templates/* and some of the files under /.git/*.
CVSS Score: 5.9 | EPSS Score: 0.011 | Published: 2021-12-02

Installations where crafter-search is not protected allow unauthenticated remote attackers to create, view, and delete search indexes.
CVSS Score: 8.1 | EPSS Score: 0.011 | Published: 2021-12-02

In Crafter CMS Crafter Studio 3.0.1, an unauthenticated attacker is able to inject malicious JavaScript, resulting in a stored (blind) XSS in the admin panel.
CVSS Score: 6.1 | EPSS Score: 0.014 | Published: 2020-11-27

In Crafter CMS Crafter Studio 3.0.1, an unauthenticated attacker is able to create a site with specially crafted XML that allows retrieval of OS files out-of-band.
CVSS Score: 8.6 | EPSS Score: 0.019 | Published: 2020-11-27

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability that allows unauthenticated attackers to view files from the operating system.
CVSS Score: 7.5 | EPSS Score: 0.031 | Published: 2020-11-27

Crafter CMS Crafter Studio 3.0.1 is affected by XML External Entity (XXE) injection: an unauthenticated attacker is able to create a site with specially crafted XML that allows retrieval of OS files out-of-band.
CVSS Score: 8.6 | EPSS Score: 0.023 | Published: 2020-11-27

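The two out-of-band file-retrieval entries above are XML External Entity (XXE) injection: the attacker supplies a document whose DOCTYPE declares an entity pointing at a local file, and a parser configured to resolve external entities fetches it. The Python example below is added here to illustrate that mechanism and its fix; it is not code from Crafter CMS or from Shodan, and it says nothing about which Crafter endpoint was affected. It constructs its own payload and a throwaway file standing in for the targeted OS file, shows an xml.sax parser with external general entities enabled leaking that file's contents, and shows two hardened parsers: one with external general entity resolution switched off, and one that refuses any DOCTYPE at all, which is the standard-library counterpart of the `http://apache.org/xml/features/disallow-doctype-decl` feature a Java application sets on its DocumentBuilderFactory. The function names (write_secret_file, xxe_payload, sax_text, parse_text_no_doctype, rejects_doctype, demo) are the example's own.

```python
"""XXE: leaking parser beside two hardened parsers (stdlib only).

Added example; the payload, the "secret" file and all names are constructed
for illustration and are not Crafter CMS code.
"""
import io
import pathlib
import tempfile
import xml.parsers.expat as expat
import xml.sax
from xml.sax import handler


def write_secret_file(content: str = "secret-token-123") -> str:
    """Throwaway file standing in for the OS file an attacker wants (constructed)."""
    tmp = tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False)
    tmp.write(content)
    tmp.close()
    return tmp.name


def xxe_payload(path: str) -> bytes:
    """Constructed XXE document: an external general entity that points at a local file."""
    uri = pathlib.Path(path).resolve().as_uri()
    return (
        '<?xml version="1.0"?>'
        f'<!DOCTYPE site [<!ENTITY xxe SYSTEM "{uri}">]>'
        "<site><name>&xxe;</name></site>"
    ).encode()


class _TextCollector(handler.ContentHandler):
    """Collects character data so we can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def sax_text(data: bytes, resolve_external_entities: bool) -> str:
    """Parse with xml.sax; the flag drives the external-general-entities feature.

    True reproduces the vulnerable configuration (the entity is fetched and
    its bytes become element text); False is the hardened setting.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(data))
    return "".join(collector.chunks)


class DoctypeRejected(ValueError):
    """Raised when a document carries a DOCTYPE, which this parser never allows."""


def parse_text_no_doctype(data: bytes) -> str:
    """Strictest option: refuse any DOCTYPE, so no entity can be declared at all."""
    parser = expat.ParserCreate()
    chunks = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Exceptions raised inside an expat callback propagate out of Parse().
        raise DoctypeRejected(f"DOCTYPE {name!r} rejected")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = chunks.append
    parser.Parse(data, True)
    return "".join(chunks)


def rejects_doctype(data: bytes) -> bool:
    """True if the strict parser refused the document because of a DOCTYPE."""
    try:
        parse_text_no_doctype(data)
    except DoctypeRejected:
        return True
    return False


def demo():
    """Run the leaking parser and both hardened parsers over the same payload."""
    payload = xxe_payload(write_secret_file())
    leaked = sax_text(payload, resolve_external_entities=True)
    safe = sax_text(payload, resolve_external_entities=False)
    return leaked, safe, rejects_doctype(payload)


if __name__ == "__main__":
    print(demo())  # ('secret-token-123', '', True)
```

The out-of-band variant described on this page does not even need the entity value to be echoed back: a parameter entity can carry the file contents to an attacker-controlled URL during parsing, so "we never display that field" is not a mitigation. The fix lives in parser configuration, and for a CMS that accepts site descriptors from users the DOCTYPE-rejecting parser is the safer default, since no legitimate site XML needs to declare entities; disabling external entities alone still leaves internal entity expansion (billion laughs) to the parser's own limits.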
Crafter CMS Crafter Studio 3.0.1 is affected by Cross-Site Scripting (XSS), which allows remote attackers to steal users' cookies.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-11-27

In Crafter CMS Crafter Studio 3.0.1, an IDOR vulnerability exists that allows unauthenticated attackers to view and modify administrative data.
CVSS Score: 6.5 | EPSS Score: 0.009 | Published: 2020-11-27

In Crafter CMS Crafter Studio 3.0.1, a directory traversal vulnerability exists that allows unauthenticated attackers to overwrite files on the operating system, which can lead to RCE.
CVSS Score: 9.8 | EPSS Score: 0.02 | Published: 2020-11-27
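Both directory traversal entries on this page, the file read and the file overwrite that leads to RCE, come down to the same missing check: a user-controlled path is joined onto a site root without verifying that the result stays inside it. The Python example below is added here to illustrate that check; it is not Crafter CMS code and makes no claim about which Crafter endpoint was affected. It shows the naive join these bugs rely on beside a containment check that canonicalises the candidate path (collapsing ".." and following symlinks) before comparing it with the real site root, and applies the same check on the write path. The site root, files and symlink it builds are a constructed fixture; the leading-slash convention (a path starting with "/" is site-relative, as in /templates/* above, not an OS path) is an assumption of the example; the function names are its own.

```python
"""Path containment for user-supplied site-relative paths.

Added example with constructed fixtures; not Crafter CMS code.
"""
import os
import tempfile
from pathlib import Path


class PathOutsideRoot(ValueError):
    """Raised when a user-supplied path would resolve outside the site root."""


def naive_join(root: str, user_path: str) -> str:
    """The pattern behind classic traversal bugs: join and hope.

    os.path.join discards root entirely when user_path is absolute, and
    "../" segments are kept verbatim, so both escape routes stay open.
    """
    return os.path.join(root, user_path)


def resolve_under_root(root: str, user_path: str) -> Path:
    """Return the canonical path for user_path, or raise if it leaves root."""
    if "\0" in user_path:
        raise PathOutsideRoot("NUL byte in path")
    root_real = Path(root).resolve()
    # Assumption of this example: a leading "/" means "relative to the site
    # root" (as in /templates/*), never the OS root. Backslashes are
    # normalised so a Windows-style separator cannot hide a ".." segment.
    rel = user_path.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." and follows symlinks, so the comparison below
    # is made against the path that open() would actually reach.
    candidate = (root_real / rel).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        raise PathOutsideRoot(f"{user_path!r} resolves to {candidate}, outside {root_real}")
    return candidate


def is_contained(root: str, user_path: str) -> bool:
    """Convenience predicate over resolve_under_root."""
    try:
        resolve_under_root(root, user_path)
        return True
    except PathOutsideRoot:
        return False


def write_under_root(root: str, user_path: str, data: bytes) -> Path:
    """Write-side check: an overwrite primitive is only as dangerous as the
    set of files it can reach, so containment is enforced before the write."""
    target = resolve_under_root(root, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Build a throwaway site root with a symlink that escapes it (constructed)."""
    base = Path(tempfile.mkdtemp())
    root = base / "site"
    (root / "templates").mkdir(parents=True)
    (root / "templates" / "page.ftl").write_text("<#-- template -->")
    outside = base / "outside.txt"
    outside.write_text("not yours")
    # A symlink inside the root pointing outside it: a lexical ".." filter
    # would pass this, a canonical-path check does not.
    os.symlink(outside, root / "templates" / "link.ftl")
    written = write_under_root(str(root), "scripts/new.groovy", b"// ok")
    return {
        "naive_abs": naive_join(str(root), "/etc/passwd"),
        "naive_dotdot": naive_join(str(root), "templates/../../outside.txt"),
        "ok": is_contained(str(root), "/templates/page.ftl"),
        "dotdot": is_contained(str(root), "templates/../../outside.txt"),
        "symlink": is_contained(str(root), "templates/link.ftl"),
        "written": written.relative_to(root.resolve()).as_posix(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Comparing canonical paths matters most for the overwrite case: a lexical ".." filter passes a symlink that an earlier upload planted inside the root, and the write then lands wherever the link points. The check is still subject to a race if the tree can change between resolve() and the write; on Linux an O_NOFOLLOW open, or openat2 with RESOLVE_BENEATH, closes that gap.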


Shodan ® - All rights reserved