Magnolia-Cms: >> Magnolia Cms >> 5.5.10 Security Vulnerabilities
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-02-11
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-02-11
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
CVSS Score
7.8
EPSS Score
0.017
Published
2022-02-11
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
CVSS Score
7.8
EPSS Score
0.01
Published
2022-02-11
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-02-11
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-02-11