Verbb: Security Vulnerabilities
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-06-05
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-05
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-05
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-25