Craftcms

Craft Cms

75 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2023-33194

Exploit
  • EPSS 0.06%
  • Veröffentlicht 26.05.2023 21:15:20
  • Zuletzt bearbeitet 21.11.2024 08:05:05

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it whe...

5.4

CVE-2023-33197

Exploit
  • EPSS 0.37%
  • Veröffentlicht 26.05.2023 20:15:48
  • Zuletzt bearbeitet 21.11.2024 08:05:06

Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.

5.4

CVE-2023-2817

  • EPSS 0.2%
  • Veröffentlicht 26.05.2023 17:15:17
  • Zuletzt bearbeitet 15.01.2025 16:15:26

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visi...

7.2

CVE-2023-32679

Exploit
  • EPSS 25.35%
  • Veröffentlicht 19.05.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:03:50

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> re...

8.8

CVE-2023-30130

Exploit
  • EPSS 4.98%
  • Veröffentlicht 12.05.2023 11:15:13
  • Zuletzt bearbeitet 24.01.2025 16:15:32

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.

6.1

CVE-2023-31144

  • EPSS 0.57%
  • Veröffentlicht 09.05.2023 16:15:14
  • Zuletzt bearbeitet 21.11.2024 08:01:29

Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.

6.1

CVE-2023-30177

  • EPSS 0.12%
  • Veröffentlicht 25.04.2023 18:15:09
  • Zuletzt bearbeitet 03.02.2025 18:15:31

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

5.4

CVE-2023-23927

Exploit
  • EPSS 9.55%
  • Veröffentlicht 03.03.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:47:07

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in v...

7.5

CVE-2022-37783

Exploit
  • EPSS 1.4%
  • Veröffentlicht 05.12.2022 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:15:09

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_T...

5.4

CVE-2022-37246

  • EPSS 0.31%
  • Veröffentlicht 21.09.2022 15:15:14
  • Zuletzt bearbeitet 27.05.2025 19:15:22

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.