CVE-2022-28378
https://notcve.org/view.php?id=CVE-2022-28378
Craft CMS before 3.7.29 allows XSS. Craft CMS versiones anteriores a 3.7.29 permite una vulnerabilidad de tipo XSS • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-41824
https://notcve.org/view.php?id=CVE-2021-41824
Craft CMS before 3.7.14 allows CSV injection. Craft CMS versiones anteriores a 3.7.14 permite una inyección de CSV • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3714---2021-09-28 https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq https://twitter.com/craftcmsupdates/status/1442928690145366018 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2021-27903
https://notcve.org/view.php?id=CVE-2021-27903
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). Se ha detectado un problema en Craft CMS versiones anteriores a 3.6.7. En algunas circunstancias, se presentaba una potencial vulnerabilidad de ejecución de código remota en sitios que no restringían los cambios administrativos (si un atacante era capaz de secuestrar de alguna manera la sesión de un administrador) • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38 • CWE-862: Missing Authorization •
CVE-2021-27902
https://notcve.org/view.php?id=CVE-2021-27902
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads. Se ha detectado un problema en Craft CMS versiones anteriores a 3.6.0. En algunas circunstancias, se presentaba una potencial vulnerabilidad de tipo XSS en relación con los formularios del front-end que aceptaban las cargas de los usuarios • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1 https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-32470
https://notcve.org/view.php?id=CVE-2021-32470
Craft CMS before 3.6.13 has an XSS vulnerability. Un CMS diseñado, versiones anteriores a 3.6.13, presenta una vulnerabilidad de tipo XSS • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3613---2021-05-04 https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •