CVE-2017-15682
https://notcve.org/view.php?id=CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15683
https://notcve.org/view.php?id=CVE-2017-15683
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-91: XML Injection (aka Blind XPath Injection)
CVE-2017-15684
https://notcve.org/view.php?id=CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-15685
https://notcve.org/view.php?id=CVE-2017-15685
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. • http://crafter.com https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-91: XML Injection (aka Blind XPath Injection)
CVE-2017-15686
https://notcve.org/view.php?id=CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies. • https://docs.craftercms.org/en/3.0/security/advisory.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')