VYPR

Craft CMS

by Craftcms

Source repositories

CVEs (27)

  • CVE-2022-37246Sep 21, 2022
    risk 0.00cvss epss 0.00

    Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

  • CVE-2022-37251Sep 16, 2022
    risk 0.00cvss epss 0.00

    Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.

  • CVE-2022-37247Sep 16, 2022
    risk 0.00cvss epss 0.00

    Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.

  • CVE-2022-37248Sep 16, 2022
    risk 0.00cvss epss 0.01

    Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.

  • CVE-2022-37250Sep 16, 2022
    risk 0.00cvss epss 0.01

    Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.

  • CVE-2022-29933May 9, 2022
    risk 0.00cvss epss 0.04

    Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically,…

  • CVE-2022-28378Apr 3, 2022
    risk 0.00cvss epss 0.01

    Craft CMS before 3.7.29 allows XSS.

Page 2 of 2