Craftcms: >> Craft Cms >> 0.9.2116 Security Vulnerabilities
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-30
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
CVSS Score
9.8
EPSS Score
0.038
Published
2021-06-30
Craft CMS before 3.6.13 has an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-05-07
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVSS Score
9.8
EPSS Score
0.935
Published
2020-03-04
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-24
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-11
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-18
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
CVSS Score
7.2
EPSS Score
0.002
Published
2018-12-25
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
CVSS Score
5.4
EPSS Score
0.009
Published
2017-06-08
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-05-01