CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15680
https://notcve.org/view.php?id=CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. En Crafter CMS Crafter Studio versión 3.0.1, se presenta una vulnerabilidad IDOR que permite a atacantes no autenticados visualizar y modificar datos administrativos • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15681
https://notcve.org/view.php?id=CVE-2017-15681
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. En Crafter CMS Crafter Studio versión 3.0.1, se presenta una vulnerabilidad de salto de directorio que permite a atacantes no autenticados sobrescribir archivos del sistema operativo que pueden conllevar a una RCE • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15682
https://notcve.org/view.php?id=CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. En Crafter CMS Crafter Studio versión 3.0.1, un atacante no autenticado es capaz de inyectar código JavaScript malicioso, resultando en una vulnerabilidad de tipo XSS almacenado y oculto en el panel de administración • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15683
https://notcve.org/view.php?id=CVE-2017-15683
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. En Crafter CMS Crafter Studio versión 3.0.1, un atacante no autenticado es capaz de crear un sitio con XML especialmente diseñado que permite la recuperación de archivos del Sistema Operativo fuera de banda • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15684
https://notcve.org/view.php?id=CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. Crafter CMS Crafter Studio versión 3.0.1, presenta una vulnerabilidad de salto de directorios que permite a atacantes no autenticados visualizar archivos del sistema operativo • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •