Maven package
org.craftercms/crafter-core
pkg:maven/org.craftercms/crafter-core
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15680 | — | | | >= 3.0.0, < 3.0.1 | 3.0.1 | Nov 27, 2020 | In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. |
| CVE-2017-15682 | — | | | >= 3.0.0, < 3.0.1 | 3.0.1 | Nov 27, 2020 | In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. |
| CVE-2017-15683 | — | | | >= 3.0.0, < 3.0.1 | 3.0.1 | Nov 27, 2020 | In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. |