CVE-2024-45406
- EPSS 0.19%
- Published 09.09.2024 17:15:13
- Last modified 13.09.2024 15:30:45
Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
CVE-2024-41800
- EPSS 0.34%
- Published 25.07.2024 17:15:11
- Last modified 21.11.2024 09:33:05
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker ...
CVE-2024-37843
- EPSS 87.25%
- Published 25.06.2024 21:15:59
- Last modified 21.11.2024 09:24:22
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
CVE-2023-36260
- EPSS 0.37%
- Published 30.01.2024 09:15:47
- Last modified 21.11.2024 08:09:28
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volu...
CVE-2023-36259
- EPSS 0.09%
- Published 30.01.2024 09:15:47
- Last modified 29.05.2025 15:15:24
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
CVE-2024-21622
- EPSS 0.1%
- Published 03.01.2024 17:15:12
- Last modified 21.11.2024 08:54:44
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in ...
CVE-2023-41892
- EPSS 93.76%
- Published 13.09.2023 20:15:08
- Last modified 21.11.2024 08:21:52
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has bee...
CVE-2023-40035
- EPSS 0.5%
- Published 23.08.2023 21:15:08
- Last modified 21.11.2024 08:18:34
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltratio...
CVE-2023-33495
- EPSS 0.18%
- Published 20.06.2023 13:15:09
- Last modified 09.12.2024 22:15:21
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
CVE-2023-30179
- EPSS 3.81%
- Published 13.06.2023 17:15:14
- Last modified 03.01.2025 20:15:25
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting User Photo Location in User Settings, leading to Remote Code Execution. NOTE: th...