Craftcms: >> Craft Cms >> 3.1.31 Security Vulnerabilities
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-26
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVSS Score
9.8
EPSS Score
0.943
Published
2020-03-04
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-11
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
CVSS Score
5.3
EPSS Score
0.159
Published
2019-07-26
Page 3