Craftcms: >> Craft Cms >> 3.1.10 Security Vulnerabilities
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-11
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
CVSS Score
5.3
EPSS Score
0.159
Published
2019-07-26
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-18
Page 3