Craftcms: >> Craft Cms >> 2.0.2532 Security Vulnerabilities
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-05-01
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-05-01
Craft CMS before 2.6.2974 allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-04-22
Page 3