Magnolia
Products (5)
- 7 CVEs
- 5 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (14)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-46362 | | Cri | 0.64 | 9.8 | 0.04 | | Feb 11, 2022 | A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. |
| CVE-2022-33098 | | Med | 0.47 | 6.1 | 0.51 | | Jul 7, 2022 | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2021-20729 | | Med | 0.40 | 6.1 | 0.03 | | Mar 31, 2022 | Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. |
| CVE-2021-25894 | | Med | 0.40 | 6.1 | 0.01 | | Apr 2, 2021 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. |
| CVE-2021-25893 | | Med | 0.35 | 5.4 | 0.01 | | Apr 2, 2021 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. |
| CVE-2013-4759 | | | 0.03 | — | 0.04 | | Aug 9, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to… |
| CVE-2005-4361 | | | 0.03 | — | 0.02 | | Dec 20, 2005 | Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CVE-2025-34174 | | | 0.01 | — | 0.10 | | Sep 9, 2025 | In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be… |
| CVE-2024-29296 | | | 0.01 | — | 0.01 | | Apr 10, 2024 | A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. |
| CVE-2024-47140 | | | 0.00 | — | 0.01 | | Jan 15, 2025 | A cross-site scripting (XSS) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker. |
| CVE-2024-55088 | | | 0.00 | — | 0.00 | | Dec 18, 2024 | GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. |
| CVE-2024-8648 | | | 0.00 | — | 0.00 | | Nov 14, 2024 | An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL. |
| CVE-2008-1953 | | | 0.00 | — | 0.01 | | Apr 25, 2008 | Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are… |
| CVE-2008-0701 | | | 0.00 | — | 0.01 | | Feb 12, 2008 | ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. |