Craft CMS
by Craftcms
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37246 | | | 0.00 | — | 0.00 | | Sep 21, 2022 | Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. |
| CVE-2022-37251 | | | 0.00 | — | 0.00 | | Sep 16, 2022 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. |
| CVE-2022-37247 | | | 0.00 | — | 0.00 | | Sep 16, 2022 | Craft CMS 4.2.0.1 is vulnerable to a stored cross-site scripting (XSS) via /admin/settings/fields page. |
| CVE-2022-37248 | | | 0.00 | — | 0.01 | | Sep 16, 2022 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. |
| CVE-2022-37250 | | | 0.00 | — | 0.01 | | Sep 16, 2022 | Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. |
| CVE-2022-29933 | | | 0.00 | — | 0.04 | | May 9, 2022 | Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically,… |
| CVE-2022-28378 | | | 0.00 | — | 0.01 | | Apr 3, 2022 | Craft CMS before 3.7.29 allows XSS. |