CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37251
https://notcve.org/view.php?id=CVE-2022-37251
16 Sep 2022 — Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. Craft CMS versión 4.2.0.1, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de Drafts • http://craft.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37247
https://notcve.org/view.php?id=CVE-2022-37247
16 Sep 2022 — Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. Craft CMS versión 4.2.0.1, es vulnerable a un ataque de tipo cross-site scripting (XSS) almacenado por medio de la página /admin/settings/fields • https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37248
https://notcve.org/view.php?id=CVE-2022-37248
16 Sep 2022 — Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. Craft CMS versión 4.2.0.1, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del archivo src/helpers/Cp.php • https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37250
https://notcve.org/view.php?id=CVE-2022-37250
16 Sep 2022 — Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. Craft CMS versión 4.2.0.1, sufre de un ataque de tipo Cross Site Scripting (XSS) Almacenado en /admin/myaccount • https://github.com/craftcms/cms/commit/cdc9cb66d0716c9552e4113c8e426fd1a31f9516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 3CVE-2022-29933 – Craft CMS 3.7.36 Password Reset Poisoning Attack
https://notcve.org/view.php?id=CVE-2022-29933
06 May 2022 — Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not us... • https://packetstorm.news/files/id/166989 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28378
https://notcve.org/view.php?id=CVE-2022-28378
03 Apr 2022 — Craft CMS before 3.7.29 allows XSS. Craft CMS versiones anteriores a 3.7.29 permite una vulnerabilidad de tipo XSS • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41824
https://notcve.org/view.php?id=CVE-2021-41824
29 Sep 2021 — Craft CMS before 3.7.14 allows CSV injection. Craft CMS versiones anteriores a 3.7.14 permite una inyección de CSV • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3714---2021-09-28 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2021-27903
https://notcve.org/view.php?id=CVE-2021-27903
30 Jun 2021 — An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). Se ha detectado un problema en Craft CMS versiones anteriores a 3.6.7. En algunas circunstancias, se presentaba una potencial vulnerabilidad de ejecución de código remota en sitios que no restringían los cambios administrativos (si un atacante era capaz d... • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27902
https://notcve.org/view.php?id=CVE-2021-27902
30 Jun 2021 — An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads. Se ha detectado un problema en Craft CMS versiones anteriores a 3.6.0. En algunas circunstancias, se presentaba una potencial vulnerabilidad de tipo XSS en relación con los formularios del front-end que aceptaban las cargas de los usuarios • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32470
https://notcve.org/view.php?id=CVE-2021-32470
07 May 2021 — Craft CMS before 3.6.13 has an XSS vulnerability. Un CMS diseñado, versiones anteriores a 3.6.13, presenta una vulnerabilidad de tipo XSS • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3613---2021-05-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •