Craftcms: >> Craft Cms >> 3.1.12 Security Vulnerabilities
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVSS Score
9.8
EPSS Score
0.943
Published
2020-03-04
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
CVSS Score
6.1
EPSS Score
0.015
Published
2019-12-31
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-11
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
CVSS Score
5.3
EPSS Score
0.159
Published
2019-07-26
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-06-18
Page 3