Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20418 | 1 Craftcms | 1 Craft Cms | 2019-03-16 | 3.5 LOW | 4.8 MEDIUM |
| index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. | |||||
| CVE-2017-9516 | 1 Craftcms | 1 Craft Cms | 2017-08-13 | 3.5 LOW | 5.4 MEDIUM |
| Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | |||||
| CVE-2017-8385 | 1 Craftcms | 1 Craft Cms | 2017-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | |||||
| CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2017-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | |||||
| CVE-2017-8052 | 1 Craftcms | 1 Craft Cms | 2017-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2974 allows XSS attacks. | |||||