VYPR

Magnolia CMS

by Magnolia

CVEs (5)

  • CVE-2021-46362CriFeb 11, 2022
    risk 0.64cvss 9.8epss 0.04

    A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

  • CVE-2022-33098MedJul 7, 2022
    risk 0.47cvss 6.1epss 0.51

    Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2021-25894MedApr 2, 2021
    risk 0.40cvss 6.1epss 0.01

    Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.

  • CVE-2021-25893MedApr 2, 2021
    risk 0.35cvss 5.4epss 0.01

    Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.

  • CVE-2008-0701Feb 12, 2008
    risk 0.00cvss epss 0.01

    ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.