Page 6 of 44 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Craft CMS before 3.7.14 allows CSV injection. Craft CMS versiones anteriores a 3.7.14 permite una inyección de CSV • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3714---2021-09-28 https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq https://twitter.com/craftcmsupdates/status/1442928690145366018 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). Se ha detectado un problema en Craft CMS versiones anteriores a 3.6.7. En algunas circunstancias, se presentaba una potencial vulnerabilidad de ejecución de código remota en sitios que no restringían los cambios administrativos (si un atacante era capaz de secuestrar de alguna manera la sesión de un administrador) • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38 • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads. Se ha detectado un problema en Craft CMS versiones anteriores a 3.6.0. En algunas circunstancias, se presentaba una potencial vulnerabilidad de tipo XSS en relación con los formularios del front-end que aceptaban las cargas de los usuarios • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1 https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Craft CMS before 3.6.13 has an XSS vulnerability. Un CMS diseñado, versiones anteriores a 3.6.13, presenta una vulnerabilidad de tipo XSS • https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3613---2021-05-04 https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en craftcms versión 3.1.31, permite a atacantes remotos inyectar un script web o HTML arbitrario, por medio de /admin/settings/sites/new. • http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •