Craft CMS
by Craftcms
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8384 | Med | 0.40 | 6.1 | 0.00 | | May 1, 2017 | Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. |
| CVE-2017-9516 | Med | 0.38 | 5.4 | 0.01 | | Jun 8, 2017 | Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. |
| CVE-2017-8383 | Med | 0.34 | 5.3 | 0.00 | | May 1, 2017 | Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. |
| CVE-2017-8052 | Med | 0.33 | 6.1 | 0.00 | | Apr 22, 2017 | Craft CMS before 2.6.2974 allows XSS attacks. |
| CVE-2017-8385 | Med | 0.27 | 5.3 | 0.00 | | May 1, 2017 | Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. |