CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-23927 – Craft CMS stored cross-site scripting vulnerability
https://notcve.org/view.php?id=CVE-2023-23927
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03 https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37783
https://notcve.org/view.php?id=CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework. Todas las versiones de Craft CMS entre 3.0.0 y 3.7.32 revelan hashes de contraseñas de usuarios que se autentican utilizando su dirección de correo electrónico o nombre de usuario en tokens Anti-CSRF. Craft CMS utiliza una cookie llamada CRAFT_CSRF_TOKEN y un campo oculto HTML llamado CRAFT_CSRF_TOKEN para evitar ataques de Cross Site Request Forgery. • http://www.openwall.com/lists/oss-security/2024/06/06/1 https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes https://cves.at/posts/cve-2022-37783/writeup • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-29933 – Craft CMS 3.7.36 Password Reset Poisoning Attack
https://notcve.org/view.php?id=CVE-2022-29933
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration). Craft CMS versiones hasta 3.7.36, permite a un atacante remoto no autenticado, que conoce al menos un nombre de usuario válido, restablecer la contraseña de la cuenta y tomar el control de la cuenta proporcionando un encabezado HTTP diseñado a la aplicación mientras es usada la funcionalidad password reset. • http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html https://github.com/craftcms/cms/blob/develop/CHANGELOG.md https://sec-consult.com/vulnerability-lab https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28378
https://notcve.org/view.php?id=CVE-2022-28378
Craft CMS before 3.7.29 allows XSS. Craft CMS versiones anteriores a 3.7.29 permite una vulnerabilidad de tipo XSS • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41824
https://notcve.org/view.php?id=CVE-2021-41824
Craft CMS before 3.7.14 allows CSV injection. Craft CMS versiones anteriores a 3.7.14 permite una inyección de CSV • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3714---2021-09-28 https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq https://twitter.com/craftcmsupdates/status/1442928690145366018 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •