Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/craftcms/cms@2.6.2985
Typecomposer
Namespacecraftcms
Namecms
Version2.6.2985
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.17.12
Latest_non_vulnerable_version5.9.18
Affected_by_vulnerabilities
0
url VCID-3r9x-ax4j-3yha
vulnerability_id VCID-3r9x-ax4j-3yha
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft CMS before 3.7.29 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28378
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.561
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28378
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18
3
reference_url https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28378
reference_id CVE-2022-28378
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28378
5
reference_url https://github.com/advisories/GHSA-7xj5-fwqr-5378
reference_id GHSA-7xj5-fwqr-5378
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xj5-fwqr-5378
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.29
purl pkg:composer/craftcms/cms@3.7.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41y2-tucq-ykaj
1
vulnerability VCID-5mnd-qvaq-k3am
2
vulnerability VCID-5pur-jy1x-gfhv
3
vulnerability VCID-6hcd-ayyh-3fdb
4
vulnerability VCID-8pjj-w8h7-p7ga
5
vulnerability VCID-aajd-9qsf-37cr
6
vulnerability VCID-c2nk-y4rx-1qf4
7
vulnerability VCID-chep-xthg-zuee
8
vulnerability VCID-cwm6-qf1f-2keb
9
vulnerability VCID-dz26-b2ts-puep
10
vulnerability VCID-ec34-nvn3-qbcb
11
vulnerability VCID-eecq-8t4y-kka3
12
vulnerability VCID-fpea-e48p-kfbn
13
vulnerability VCID-hkp9-3hzv-quhk
14
vulnerability VCID-hm7h-7cu3-8be1
15
vulnerability VCID-jhen-vhqx-n7dr
16
vulnerability VCID-jxet-d8ux-mkge
17
vulnerability VCID-qcwp-su57-9fa1
18
vulnerability VCID-qq68-3j4y-47am
19
vulnerability VCID-rb7c-3nkc-gkeg
20
vulnerability VCID-s5v6-e631-17f5
21
vulnerability VCID-vbz3-3rqd-3fh6
22
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29
aliases CVE-2022-28378, GHSA-7xj5-fwqr-5378
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3r9x-ax4j-3yha
1
url VCID-3twn-e7up-2ugq
vulnerability_id VCID-3twn-e7up-2ugq
summary 
Missing Encryption of Sensitive Data
Craft CMS allows remote authenticated administrators to read sensitive information via server-side template injection which causes a cleartext username and password to be displayed in a URI field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20465
reference_id
reference_type
scores
0
value 0.00664
scoring_system epss
scoring_elements 0.71581
published_at 2026-06-04T12:55:00Z
1
value 0.00664
scoring_system epss
scoring_elements 0.71626
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20465
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
3
reference_url https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20465
reference_id CVE-2018-20465
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20465
fixed_packages
0
url pkg:composer/craftcms/cms@3.0.35
purl pkg:composer/craftcms/cms@3.0.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-9kjs-xj6x-y3gb
7
vulnerability VCID-aajd-9qsf-37cr
8
vulnerability VCID-adak-sn51-23gd
9
vulnerability VCID-c2nk-y4rx-1qf4
10
vulnerability VCID-cwm6-qf1f-2keb
11
vulnerability VCID-dz26-b2ts-puep
12
vulnerability VCID-ec34-nvn3-qbcb
13
vulnerability VCID-eecq-8t4y-kka3
14
vulnerability VCID-hm7h-7cu3-8be1
15
vulnerability VCID-jhen-vhqx-n7dr
16
vulnerability VCID-jxet-d8ux-mkge
17
vulnerability VCID-n1z8-7a8m-rfcc
18
vulnerability VCID-nz6e-26rc-f3fa
19
vulnerability VCID-qcwp-su57-9fa1
20
vulnerability VCID-qq68-3j4y-47am
21
vulnerability VCID-rx96-8kfy-4ugu
22
vulnerability VCID-s5v6-e631-17f5
23
vulnerability VCID-u4t8-gkkb-73bv
24
vulnerability VCID-vbz3-3rqd-3fh6
25
vulnerability VCID-xc5n-1vqa-tqaz
26
vulnerability VCID-xv52-rc7v-yba8
27
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.35
aliases CVE-2018-20465, GHSA-j7fx-v37j-v3w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3twn-e7up-2ugq
2
url VCID-41y2-tucq-ykaj
vulnerability_id VCID-41y2-tucq-ykaj
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23927
reference_id
reference_type
scores
0
value 0.02749
scoring_system epss
scoring_elements 0.8627
published_at 2026-06-04T12:55:00Z
1
value 0.02749
scoring_system epss
scoring_elements 0.86292
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23927
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03
3
reference_url https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/
url https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23927
reference_id CVE-2023-23927
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23927
5
reference_url https://github.com/advisories/GHSA-qcrj-6ffc-v7hq
reference_id GHSA-qcrj-6ffc-v7hq
reference_type
scores
url https://github.com/advisories/GHSA-qcrj-6ffc-v7hq
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq
reference_id GHSA-qcrj-6ffc-v7hq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.64
purl pkg:composer/craftcms/cms@3.7.64
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41y2-tucq-ykaj
1
vulnerability VCID-5mnd-qvaq-k3am
2
vulnerability VCID-5pur-jy1x-gfhv
3
vulnerability VCID-6hcd-ayyh-3fdb
4
vulnerability VCID-aajd-9qsf-37cr
5
vulnerability VCID-c2nk-y4rx-1qf4
6
vulnerability VCID-chep-xthg-zuee
7
vulnerability VCID-dz26-b2ts-puep
8
vulnerability VCID-ec34-nvn3-qbcb
9
vulnerability VCID-fpea-e48p-kfbn
10
vulnerability VCID-hkp9-3hzv-quhk
11
vulnerability VCID-hm7h-7cu3-8be1
12
vulnerability VCID-jhen-vhqx-n7dr
13
vulnerability VCID-jxet-d8ux-mkge
14
vulnerability VCID-qcwp-su57-9fa1
15
vulnerability VCID-qq68-3j4y-47am
16
vulnerability VCID-rb7c-3nkc-gkeg
17
vulnerability VCID-s5v6-e631-17f5
18
vulnerability VCID-vbz3-3rqd-3fh6
19
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.64
1
url pkg:composer/craftcms/cms@4.3.7
purl pkg:composer/craftcms/cms@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-2vn9-2cs3-vbg3
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-4wkr-jx1w-77hn
5
vulnerability VCID-5cxe-tjpb-3qan
6
vulnerability VCID-5mnd-qvaq-k3am
7
vulnerability VCID-5pur-jy1x-gfhv
8
vulnerability VCID-6hcd-ayyh-3fdb
9
vulnerability VCID-71sv-62m4-z3er
10
vulnerability VCID-7y4f-ef7t-47eb
11
vulnerability VCID-83rt-3tyj-qbgx
12
vulnerability VCID-8u2j-17a4-q7eh
13
vulnerability VCID-9ca4-tbhq-27ad
14
vulnerability VCID-9enr-b6zd-mbh8
15
vulnerability VCID-aajd-9qsf-37cr
16
vulnerability VCID-akrv-yqnf-1kg8
17
vulnerability VCID-azr5-12f8-hfbm
18
vulnerability VCID-c2nk-y4rx-1qf4
19
vulnerability VCID-chep-xthg-zuee
20
vulnerability VCID-cys8-jnmu-77ec
21
vulnerability VCID-dz26-b2ts-puep
22
vulnerability VCID-e94m-mj1k-8kbr
23
vulnerability VCID-eaxm-rjr7-xudb
24
vulnerability VCID-ec34-nvn3-qbcb
25
vulnerability VCID-efwv-r3nc-73h9
26
vulnerability VCID-f7gc-cgka-tycr
27
vulnerability VCID-fpea-e48p-kfbn
28
vulnerability VCID-fpke-p7sz-nfc9
29
vulnerability VCID-gzry-xtu5-ukhu
30
vulnerability VCID-h6t5-pdp5-8qhe
31
vulnerability VCID-hkp9-3hzv-quhk
32
vulnerability VCID-hm7h-7cu3-8be1
33
vulnerability VCID-hyct-5gap-7kdu
34
vulnerability VCID-jeyh-3jxd-z3g6
35
vulnerability VCID-jhen-vhqx-n7dr
36
vulnerability VCID-jsfs-azcs-mfcm
37
vulnerability VCID-jxet-d8ux-mkge
38
vulnerability VCID-jxz8-g6fq-dubw
39
vulnerability VCID-kbrc-85av-nfcn
40
vulnerability VCID-m5rf-usae-yfb7
41
vulnerability VCID-nmzu-mefv-tqeh
42
vulnerability VCID-ppet-ruae-1kav
43
vulnerability VCID-qcwp-su57-9fa1
44
vulnerability VCID-qq68-3j4y-47am
45
vulnerability VCID-qwmy-d2e8-5khw
46
vulnerability VCID-qywv-vf4r-8bh9
47
vulnerability VCID-r5hp-5nju-9ubz
48
vulnerability VCID-rb7c-3nkc-gkeg
49
vulnerability VCID-rvrz-498f-2uet
50
vulnerability VCID-rzq4-h1ms-nqef
51
vulnerability VCID-sa99-8awj-eycd
52
vulnerability VCID-twuy-wzb7-k7g3
53
vulnerability VCID-tzjk-x116-ayge
54
vulnerability VCID-vasz-rnn1-67ev
55
vulnerability VCID-w9yn-1573-hyau
56
vulnerability VCID-wcx6-wed9-gub2
57
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.3.7
aliases CVE-2023-23927, GHSA-qcrj-6ffc-v7hq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41y2-tucq-ykaj
3
url VCID-5pur-jy1x-gfhv
vulnerability_id VCID-5pur-jy1x-gfhv
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33197
reference_id
reference_type
scores
0
value 0.00848
scoring_system epss
scoring_elements 0.75246
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33197
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/
url https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766
3
reference_url https://github.com/craftcms/cms/releases/tag/4.4.6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/
url https://github.com/craftcms/cms/releases/tag/4.4.6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33197
reference_id CVE-2023-33197
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33197
5
reference_url https://github.com/advisories/GHSA-6qjx-787v-6pxr
reference_id GHSA-6qjx-787v-6pxr
reference_type
scores
url https://github.com/advisories/GHSA-6qjx-787v-6pxr
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr
reference_id GHSA-6qjx-787v-6pxr
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.6
purl pkg:composer/craftcms/cms@4.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-2vn9-2cs3-vbg3
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-4wkr-jx1w-77hn
5
vulnerability VCID-5cxe-tjpb-3qan
6
vulnerability VCID-5mnd-qvaq-k3am
7
vulnerability VCID-71sv-62m4-z3er
8
vulnerability VCID-7y4f-ef7t-47eb
9
vulnerability VCID-83rt-3tyj-qbgx
10
vulnerability VCID-8u2j-17a4-q7eh
11
vulnerability VCID-9ca4-tbhq-27ad
12
vulnerability VCID-9enr-b6zd-mbh8
13
vulnerability VCID-aajd-9qsf-37cr
14
vulnerability VCID-akrv-yqnf-1kg8
15
vulnerability VCID-azr5-12f8-hfbm
16
vulnerability VCID-c2nk-y4rx-1qf4
17
vulnerability VCID-chep-xthg-zuee
18
vulnerability VCID-cys8-jnmu-77ec
19
vulnerability VCID-dz26-b2ts-puep
20
vulnerability VCID-e94m-mj1k-8kbr
21
vulnerability VCID-eaxm-rjr7-xudb
22
vulnerability VCID-ec34-nvn3-qbcb
23
vulnerability VCID-efwv-r3nc-73h9
24
vulnerability VCID-f7gc-cgka-tycr
25
vulnerability VCID-fpea-e48p-kfbn
26
vulnerability VCID-fpke-p7sz-nfc9
27
vulnerability VCID-gzry-xtu5-ukhu
28
vulnerability VCID-h6t5-pdp5-8qhe
29
vulnerability VCID-hkp9-3hzv-quhk
30
vulnerability VCID-hyct-5gap-7kdu
31
vulnerability VCID-jeyh-3jxd-z3g6
32
vulnerability VCID-jhen-vhqx-n7dr
33
vulnerability VCID-jsfs-azcs-mfcm
34
vulnerability VCID-jxet-d8ux-mkge
35
vulnerability VCID-jxz8-g6fq-dubw
36
vulnerability VCID-kbrc-85av-nfcn
37
vulnerability VCID-m5rf-usae-yfb7
38
vulnerability VCID-nmzu-mefv-tqeh
39
vulnerability VCID-ppet-ruae-1kav
40
vulnerability VCID-qq68-3j4y-47am
41
vulnerability VCID-qwmy-d2e8-5khw
42
vulnerability VCID-qywv-vf4r-8bh9
43
vulnerability VCID-r5hp-5nju-9ubz
44
vulnerability VCID-rb7c-3nkc-gkeg
45
vulnerability VCID-rzq4-h1ms-nqef
46
vulnerability VCID-sa99-8awj-eycd
47
vulnerability VCID-twuy-wzb7-k7g3
48
vulnerability VCID-tzjk-x116-ayge
49
vulnerability VCID-vasz-rnn1-67ev
50
vulnerability VCID-w9yn-1573-hyau
51
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6
aliases CVE-2023-33197, GHSA-6qjx-787v-6pxr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pur-jy1x-gfhv
4
url VCID-8pjj-w8h7-p7ga
vulnerability_id VCID-8pjj-w8h7-p7ga
summary 
Weak Password Recovery Mechanism for Forgotten Password
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).
references
0
reference_url http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29933
reference_id
reference_type
scores
0
value 0.02319
scoring_system epss
scoring_elements 0.85111
published_at 2026-06-05T12:55:00Z
1
value 0.02319
scoring_system epss
scoring_elements 0.85087
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29933
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md
reference_id
reference_type
scores
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md
4
reference_url https://sec-consult.com/vulnerability-lab
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/vulnerability-lab
5
reference_url https://sec-consult.com/vulnerability-lab/
reference_id
reference_type
scores
url https://sec-consult.com/vulnerability-lab/
6
reference_url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms
7
reference_url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/
reference_id
reference_type
scores
url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29933
reference_id CVE-2022-29933
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29933
9
reference_url https://github.com/advisories/GHSA-5cjr-78cq-3wrg
reference_id GHSA-5cjr-78cq-3wrg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cjr-78cq-3wrg
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.36
purl pkg:composer/craftcms/cms@3.7.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41y2-tucq-ykaj
1
vulnerability VCID-5mnd-qvaq-k3am
2
vulnerability VCID-5pur-jy1x-gfhv
3
vulnerability VCID-6hcd-ayyh-3fdb
4
vulnerability VCID-8pjj-w8h7-p7ga
5
vulnerability VCID-aajd-9qsf-37cr
6
vulnerability VCID-c2nk-y4rx-1qf4
7
vulnerability VCID-chep-xthg-zuee
8
vulnerability VCID-dz26-b2ts-puep
9
vulnerability VCID-ec34-nvn3-qbcb
10
vulnerability VCID-fpea-e48p-kfbn
11
vulnerability VCID-hkp9-3hzv-quhk
12
vulnerability VCID-hm7h-7cu3-8be1
13
vulnerability VCID-jhen-vhqx-n7dr
14
vulnerability VCID-jxet-d8ux-mkge
15
vulnerability VCID-qcwp-su57-9fa1
16
vulnerability VCID-qq68-3j4y-47am
17
vulnerability VCID-rb7c-3nkc-gkeg
18
vulnerability VCID-s5v6-e631-17f5
19
vulnerability VCID-vbz3-3rqd-3fh6
20
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.36
1
url pkg:composer/craftcms/cms@3.7.37
purl pkg:composer/craftcms/cms@3.7.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41y2-tucq-ykaj
1
vulnerability VCID-5mnd-qvaq-k3am
2
vulnerability VCID-5pur-jy1x-gfhv
3
vulnerability VCID-6hcd-ayyh-3fdb
4
vulnerability VCID-aajd-9qsf-37cr
5
vulnerability VCID-c2nk-y4rx-1qf4
6
vulnerability VCID-chep-xthg-zuee
7
vulnerability VCID-dz26-b2ts-puep
8
vulnerability VCID-ec34-nvn3-qbcb
9
vulnerability VCID-fpea-e48p-kfbn
10
vulnerability VCID-hkp9-3hzv-quhk
11
vulnerability VCID-hm7h-7cu3-8be1
12
vulnerability VCID-jhen-vhqx-n7dr
13
vulnerability VCID-jxet-d8ux-mkge
14
vulnerability VCID-qcwp-su57-9fa1
15
vulnerability VCID-qq68-3j4y-47am
16
vulnerability VCID-rb7c-3nkc-gkeg
17
vulnerability VCID-s5v6-e631-17f5
18
vulnerability VCID-vbz3-3rqd-3fh6
19
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.37
aliases CVE-2022-29933, GHSA-5cjr-78cq-3wrg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8pjj-w8h7-p7ga
5
url VCID-9kjs-xj6x-y3gb
vulnerability_id VCID-9kjs-xj6x-y3gb
summary 
Craft CMS XSS Vulnerability
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12823
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.561
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12823
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/6432eca59b93bcea2ca2616199e5d419447e613f/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/6432eca59b93bcea2ca2616199e5d419447e613f/CHANGELOG-v3.md
3
reference_url https://github.com/craftcms/cms/commit/6432eca59b93bcea2ca2616199e5d419447e613f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/6432eca59b93bcea2ca2616199e5d419447e613f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12823
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12823
5
reference_url https://github.com/advisories/GHSA-w5q4-q7wp-qww6
reference_id GHSA-w5q4-q7wp-qww6
reference_type
scores
url https://github.com/advisories/GHSA-w5q4-q7wp-qww6
fixed_packages
0
url pkg:composer/craftcms/cms@3.1.31
purl pkg:composer/craftcms/cms@3.1.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-adak-sn51-23gd
8
vulnerability VCID-c2nk-y4rx-1qf4
9
vulnerability VCID-cwm6-qf1f-2keb
10
vulnerability VCID-dz26-b2ts-puep
11
vulnerability VCID-ec34-nvn3-qbcb
12
vulnerability VCID-eecq-8t4y-kka3
13
vulnerability VCID-hm7h-7cu3-8be1
14
vulnerability VCID-jhen-vhqx-n7dr
15
vulnerability VCID-jxet-d8ux-mkge
16
vulnerability VCID-n1z8-7a8m-rfcc
17
vulnerability VCID-nz6e-26rc-f3fa
18
vulnerability VCID-qcwp-su57-9fa1
19
vulnerability VCID-qq68-3j4y-47am
20
vulnerability VCID-s5v6-e631-17f5
21
vulnerability VCID-u4t8-gkkb-73bv
22
vulnerability VCID-uamr-mmjj-ryhc
23
vulnerability VCID-vbz3-3rqd-3fh6
24
vulnerability VCID-xc5n-1vqa-tqaz
25
vulnerability VCID-xv52-rc7v-yba8
26
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.31
aliases CVE-2019-12823, GHSA-w5q4-q7wp-qww6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kjs-xj6x-y3gb
6
url VCID-aajd-9qsf-37cr
vulnerability_id VCID-aajd-9qsf-37cr
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33495
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.3779
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33495
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
3
reference_url https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/
url https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33495
reference_id CVE-2023-33495
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33495
5
reference_url https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
reference_id html-injection-in-craft-cms-application-e2b28f746212
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/
url https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.10
purl pkg:composer/craftcms/cms@4.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-41uv-1axm-fugb
3
vulnerability VCID-4wkr-jx1w-77hn
4
vulnerability VCID-5cxe-tjpb-3qan
5
vulnerability VCID-5mnd-qvaq-k3am
6
vulnerability VCID-71sv-62m4-z3er
7
vulnerability VCID-7y4f-ef7t-47eb
8
vulnerability VCID-83rt-3tyj-qbgx
9
vulnerability VCID-8u2j-17a4-q7eh
10
vulnerability VCID-9ca4-tbhq-27ad
11
vulnerability VCID-9enr-b6zd-mbh8
12
vulnerability VCID-akrv-yqnf-1kg8
13
vulnerability VCID-azr5-12f8-hfbm
14
vulnerability VCID-c2nk-y4rx-1qf4
15
vulnerability VCID-chep-xthg-zuee
16
vulnerability VCID-cys8-jnmu-77ec
17
vulnerability VCID-dz26-b2ts-puep
18
vulnerability VCID-e94m-mj1k-8kbr
19
vulnerability VCID-eaxm-rjr7-xudb
20
vulnerability VCID-ec34-nvn3-qbcb
21
vulnerability VCID-efwv-r3nc-73h9
22
vulnerability VCID-f7gc-cgka-tycr
23
vulnerability VCID-fpea-e48p-kfbn
24
vulnerability VCID-fpke-p7sz-nfc9
25
vulnerability VCID-gzry-xtu5-ukhu
26
vulnerability VCID-h6t5-pdp5-8qhe
27
vulnerability VCID-hkp9-3hzv-quhk
28
vulnerability VCID-hyct-5gap-7kdu
29
vulnerability VCID-jeyh-3jxd-z3g6
30
vulnerability VCID-jhen-vhqx-n7dr
31
vulnerability VCID-jsfs-azcs-mfcm
32
vulnerability VCID-jxet-d8ux-mkge
33
vulnerability VCID-jxz8-g6fq-dubw
34
vulnerability VCID-kbrc-85av-nfcn
35
vulnerability VCID-m5rf-usae-yfb7
36
vulnerability VCID-nmzu-mefv-tqeh
37
vulnerability VCID-ppet-ruae-1kav
38
vulnerability VCID-qq68-3j4y-47am
39
vulnerability VCID-qwmy-d2e8-5khw
40
vulnerability VCID-qywv-vf4r-8bh9
41
vulnerability VCID-r5hp-5nju-9ubz
42
vulnerability VCID-rb7c-3nkc-gkeg
43
vulnerability VCID-rzq4-h1ms-nqef
44
vulnerability VCID-sa99-8awj-eycd
45
vulnerability VCID-twuy-wzb7-k7g3
46
vulnerability VCID-tzjk-x116-ayge
47
vulnerability VCID-vasz-rnn1-67ev
48
vulnerability VCID-w9yn-1573-hyau
49
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.10
aliases CVE-2023-33495, GHSA-m3v5-gjj9-rg24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aajd-9qsf-37cr
7
url VCID-adak-sn51-23gd
vulnerability_id VCID-adak-sn51-23gd
summary 
Craft CMS XSS Vulnerability
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17496
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.561
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17496
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09
3
reference_url https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17496
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17496
5
reference_url https://github.com/advisories/GHSA-f3xr-q258-h7m9
reference_id GHSA-f3xr-q258-h7m9
reference_type
scores
url https://github.com/advisories/GHSA-f3xr-q258-h7m9
fixed_packages
0
url pkg:composer/craftcms/cms@3.3.8
purl pkg:composer/craftcms/cms@3.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-c2nk-y4rx-1qf4
8
vulnerability VCID-cwm6-qf1f-2keb
9
vulnerability VCID-dz26-b2ts-puep
10
vulnerability VCID-ec34-nvn3-qbcb
11
vulnerability VCID-eecq-8t4y-kka3
12
vulnerability VCID-hm7h-7cu3-8be1
13
vulnerability VCID-jhen-vhqx-n7dr
14
vulnerability VCID-jxet-d8ux-mkge
15
vulnerability VCID-n1z8-7a8m-rfcc
16
vulnerability VCID-nz6e-26rc-f3fa
17
vulnerability VCID-qcwp-su57-9fa1
18
vulnerability VCID-qq68-3j4y-47am
19
vulnerability VCID-s5v6-e631-17f5
20
vulnerability VCID-u4t8-gkkb-73bv
21
vulnerability VCID-vbz3-3rqd-3fh6
22
vulnerability VCID-xc5n-1vqa-tqaz
23
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.8
aliases CVE-2019-17496, GHSA-f3xr-q258-h7m9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-adak-sn51-23gd
8
url VCID-cwm6-qf1f-2keb
vulnerability_id VCID-cwm6-qf1f-2keb
summary 
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37843
reference_id
reference_type
scores
0
value 0.89433
scoring_system epss
scoring_elements 0.99566
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37843
1
reference_url https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-12T22:53:54Z/
url https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37843
reference_id CVE-2024-37843
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37843
4
reference_url https://github.com/advisories/GHSA-hq4f-mv3q-8wcv
reference_id GHSA-hq4f-mv3q-8wcv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq4f-mv3q-8wcv
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.32
purl pkg:composer/craftcms/cms@3.7.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41y2-tucq-ykaj
1
vulnerability VCID-5mnd-qvaq-k3am
2
vulnerability VCID-5pur-jy1x-gfhv
3
vulnerability VCID-6hcd-ayyh-3fdb
4
vulnerability VCID-8pjj-w8h7-p7ga
5
vulnerability VCID-aajd-9qsf-37cr
6
vulnerability VCID-c2nk-y4rx-1qf4
7
vulnerability VCID-chep-xthg-zuee
8
vulnerability VCID-dz26-b2ts-puep
9
vulnerability VCID-ec34-nvn3-qbcb
10
vulnerability VCID-eecq-8t4y-kka3
11
vulnerability VCID-fpea-e48p-kfbn
12
vulnerability VCID-hkp9-3hzv-quhk
13
vulnerability VCID-hm7h-7cu3-8be1
14
vulnerability VCID-jhen-vhqx-n7dr
15
vulnerability VCID-jxet-d8ux-mkge
16
vulnerability VCID-qcwp-su57-9fa1
17
vulnerability VCID-qq68-3j4y-47am
18
vulnerability VCID-rb7c-3nkc-gkeg
19
vulnerability VCID-s5v6-e631-17f5
20
vulnerability VCID-vbz3-3rqd-3fh6
21
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.32
aliases CVE-2024-37843, GHSA-hq4f-mv3q-8wcv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwm6-qf1f-2keb
9
url VCID-dz26-b2ts-puep
vulnerability_id VCID-dz26-b2ts-puep
summary 
Craft CMS Feed-Me
An issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36260
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58935
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36260
1
reference_url https://github.com/craftcms/feed-me
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/feed-me
2
reference_url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/
url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28
3
reference_url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/
url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29
4
reference_url https://github.com/craftcms/feed-me/releases/tag/4.6.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/feed-me/releases/tag/4.6.2
5
reference_url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/
url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36260
reference_id CVE-2023-36260
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36260
7
reference_url https://github.com/advisories/GHSA-6p78-f7h9-6838
reference_id GHSA-6p78-f7h9-6838
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6p78-f7h9-6838
fixed_packages
0
url pkg:composer/craftcms/cms@4.6.2
purl pkg:composer/craftcms/cms@4.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.6.2
1
url pkg:composer/craftcms/cms@4.7.0
purl pkg:composer/craftcms/cms@4.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-39ct-cg7w-kyb6
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-4wkr-jx1w-77hn
5
vulnerability VCID-5cxe-tjpb-3qan
6
vulnerability VCID-5mnd-qvaq-k3am
7
vulnerability VCID-5q5g-jrxm-eyhe
8
vulnerability VCID-71sv-62m4-z3er
9
vulnerability VCID-7y4f-ef7t-47eb
10
vulnerability VCID-83rt-3tyj-qbgx
11
vulnerability VCID-8u2j-17a4-q7eh
12
vulnerability VCID-9ca4-tbhq-27ad
13
vulnerability VCID-9enr-b6zd-mbh8
14
vulnerability VCID-a3b5-pwyh-yugv
15
vulnerability VCID-akrv-yqnf-1kg8
16
vulnerability VCID-azr5-12f8-hfbm
17
vulnerability VCID-c2nk-y4rx-1qf4
18
vulnerability VCID-chep-xthg-zuee
19
vulnerability VCID-cys8-jnmu-77ec
20
vulnerability VCID-e94m-mj1k-8kbr
21
vulnerability VCID-eaxm-rjr7-xudb
22
vulnerability VCID-efwv-r3nc-73h9
23
vulnerability VCID-fpea-e48p-kfbn
24
vulnerability VCID-fpke-p7sz-nfc9
25
vulnerability VCID-gzry-xtu5-ukhu
26
vulnerability VCID-h6t5-pdp5-8qhe
27
vulnerability VCID-hkp9-3hzv-quhk
28
vulnerability VCID-hyct-5gap-7kdu
29
vulnerability VCID-jeyh-3jxd-z3g6
30
vulnerability VCID-jsfs-azcs-mfcm
31
vulnerability VCID-jxet-d8ux-mkge
32
vulnerability VCID-jxz8-g6fq-dubw
33
vulnerability VCID-kbrc-85av-nfcn
34
vulnerability VCID-m5rf-usae-yfb7
35
vulnerability VCID-nmzu-mefv-tqeh
36
vulnerability VCID-ppet-ruae-1kav
37
vulnerability VCID-qq68-3j4y-47am
38
vulnerability VCID-qwmy-d2e8-5khw
39
vulnerability VCID-qywv-vf4r-8bh9
40
vulnerability VCID-r5hp-5nju-9ubz
41
vulnerability VCID-rb7c-3nkc-gkeg
42
vulnerability VCID-rzq4-h1ms-nqef
43
vulnerability VCID-sa99-8awj-eycd
44
vulnerability VCID-twuy-wzb7-k7g3
45
vulnerability VCID-tzjk-x116-ayge
46
vulnerability VCID-vasz-rnn1-67ev
47
vulnerability VCID-w9yn-1573-hyau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.7.0
aliases CVE-2023-36260, GHSA-6p78-f7h9-6838
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz26-b2ts-puep
10
url VCID-jxet-d8ux-mkge
vulnerability_id VCID-jxet-d8ux-mkge
summary Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at `/var/lib/php/sessions`. Such session files are named `sess_[session_value]`, where `[session_value]` is provided to the client in a `Set-Cookie` response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-35939
reference_id
reference_type
scores
0
value 0.33065
scoring_system epss
scoring_elements 0.96993
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-35939
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2
3
reference_url https://github.com/craftcms/cms/pull/17220
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://github.com/craftcms/cms/pull/17220
4
reference_url https://github.com/craftcms/cms/releases/tag/4.15.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://github.com/craftcms/cms/releases/tag/4.15.3
5
reference_url https://github.com/craftcms/cms/releases/tag/5.7.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
url https://github.com/craftcms/cms/releases/tag/5.7.5
6
reference_url https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json
7
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939
8
reference_url https://www.cve.org/CVERecord?id=CVE-2025-35939
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
url https://www.cve.org/CVERecord?id=CVE-2025-35939
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-35939
reference_id CVE-2025-35939
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-35939
10
reference_url https://github.com/advisories/GHSA-7vrx-9684-xrf2
reference_id GHSA-7vrx-9684-xrf2
reference_type
scores
url https://github.com/advisories/GHSA-7vrx-9684-xrf2
fixed_packages
0
url pkg:composer/craftcms/cms@4.15.3
purl pkg:composer/craftcms/cms@4.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-39ct-cg7w-kyb6
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-4wkr-jx1w-77hn
5
vulnerability VCID-5mnd-qvaq-k3am
6
vulnerability VCID-5q5g-jrxm-eyhe
7
vulnerability VCID-7y4f-ef7t-47eb
8
vulnerability VCID-83rt-3tyj-qbgx
9
vulnerability VCID-8u2j-17a4-q7eh
10
vulnerability VCID-9ca4-tbhq-27ad
11
vulnerability VCID-9enr-b6zd-mbh8
12
vulnerability VCID-a3b5-pwyh-yugv
13
vulnerability VCID-akrv-yqnf-1kg8
14
vulnerability VCID-azr5-12f8-hfbm
15
vulnerability VCID-cys8-jnmu-77ec
16
vulnerability VCID-dbcz-erbe-u7dt
17
vulnerability VCID-e94m-mj1k-8kbr
18
vulnerability VCID-eaxm-rjr7-xudb
19
vulnerability VCID-efwv-r3nc-73h9
20
vulnerability VCID-fpea-e48p-kfbn
21
vulnerability VCID-fpke-p7sz-nfc9
22
vulnerability VCID-gzry-xtu5-ukhu
23
vulnerability VCID-h6t5-pdp5-8qhe
24
vulnerability VCID-hkp9-3hzv-quhk
25
vulnerability VCID-hyct-5gap-7kdu
26
vulnerability VCID-jeyh-3jxd-z3g6
27
vulnerability VCID-jxz8-g6fq-dubw
28
vulnerability VCID-kbrc-85av-nfcn
29
vulnerability VCID-m5rf-usae-yfb7
30
vulnerability VCID-nmzu-mefv-tqeh
31
vulnerability VCID-p3n8-1sht-bfbt
32
vulnerability VCID-ppet-ruae-1kav
33
vulnerability VCID-qwmy-d2e8-5khw
34
vulnerability VCID-qywv-vf4r-8bh9
35
vulnerability VCID-rb7c-3nkc-gkeg
36
vulnerability VCID-rzq4-h1ms-nqef
37
vulnerability VCID-sa99-8awj-eycd
38
vulnerability VCID-twuy-wzb7-k7g3
39
vulnerability VCID-tzjk-x116-ayge
40
vulnerability VCID-vasz-rnn1-67ev
41
vulnerability VCID-w9yn-1573-hyau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.15.3
1
url pkg:composer/craftcms/cms@5.7.5
purl pkg:composer/craftcms/cms@5.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-39ct-cg7w-kyb6
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-4wkr-jx1w-77hn
5
vulnerability VCID-5mnd-qvaq-k3am
6
vulnerability VCID-5q5g-jrxm-eyhe
7
vulnerability VCID-5tzm-738x-xka9
8
vulnerability VCID-7y4f-ef7t-47eb
9
vulnerability VCID-83rt-3tyj-qbgx
10
vulnerability VCID-8u2j-17a4-q7eh
11
vulnerability VCID-9ca4-tbhq-27ad
12
vulnerability VCID-9enr-b6zd-mbh8
13
vulnerability VCID-a3b5-pwyh-yugv
14
vulnerability VCID-a8p2-5cmc-n7g2
15
vulnerability VCID-akrv-yqnf-1kg8
16
vulnerability VCID-asek-4gme-gug8
17
vulnerability VCID-azr5-12f8-hfbm
18
vulnerability VCID-bqep-3c6u-mqhu
19
vulnerability VCID-cys8-jnmu-77ec
20
vulnerability VCID-dbcz-erbe-u7dt
21
vulnerability VCID-e94m-mj1k-8kbr
22
vulnerability VCID-eaxm-rjr7-xudb
23
vulnerability VCID-efwv-r3nc-73h9
24
vulnerability VCID-esma-wxje-eqh3
25
vulnerability VCID-fpea-e48p-kfbn
26
vulnerability VCID-fpke-p7sz-nfc9
27
vulnerability VCID-gzry-xtu5-ukhu
28
vulnerability VCID-h6t5-pdp5-8qhe
29
vulnerability VCID-hkp9-3hzv-quhk
30
vulnerability VCID-hyct-5gap-7kdu
31
vulnerability VCID-jeyh-3jxd-z3g6
32
vulnerability VCID-jnrx-e9b5-wqew
33
vulnerability VCID-jxz8-g6fq-dubw
34
vulnerability VCID-kbrc-85av-nfcn
35
vulnerability VCID-m5rf-usae-yfb7
36
vulnerability VCID-nmzu-mefv-tqeh
37
vulnerability VCID-p3n8-1sht-bfbt
38
vulnerability VCID-pgm4-svq8-tfc5
39
vulnerability VCID-ppet-ruae-1kav
40
vulnerability VCID-qywv-vf4r-8bh9
41
vulnerability VCID-rb7c-3nkc-gkeg
42
vulnerability VCID-rzq4-h1ms-nqef
43
vulnerability VCID-sa99-8awj-eycd
44
vulnerability VCID-twuy-wzb7-k7g3
45
vulnerability VCID-tzjk-x116-ayge
46
vulnerability VCID-vasz-rnn1-67ev
47
vulnerability VCID-vvhc-rnpr-ubey
48
vulnerability VCID-w9yn-1573-hyau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5
aliases CVE-2025-35939, GHSA-7vrx-9684-xrf2
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxet-d8ux-mkge
11
url VCID-n1z8-7a8m-rfcc
vulnerability_id VCID-n1z8-7a8m-rfcc
summary 
Craft CMS Remote Code Injection
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27903
reference_id
reference_type
scores
0
value 0.03824
scoring_system epss
scoring_elements 0.8836
published_at 2026-06-05T12:55:00Z
1
value 0.03824
scoring_system epss
scoring_elements 0.88342
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27903
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
3
reference_url https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27903
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27903
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.7
purl pkg:composer/craftcms/cms@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-c2nk-y4rx-1qf4
8
vulnerability VCID-c9mw-1at1-ebaz
9
vulnerability VCID-chep-xthg-zuee
10
vulnerability VCID-cwm6-qf1f-2keb
11
vulnerability VCID-dz26-b2ts-puep
12
vulnerability VCID-ec34-nvn3-qbcb
13
vulnerability VCID-eecq-8t4y-kka3
14
vulnerability VCID-fpea-e48p-kfbn
15
vulnerability VCID-hkp9-3hzv-quhk
16
vulnerability VCID-hm7h-7cu3-8be1
17
vulnerability VCID-jhen-vhqx-n7dr
18
vulnerability VCID-jxet-d8ux-mkge
19
vulnerability VCID-nz6e-26rc-f3fa
20
vulnerability VCID-qcwp-su57-9fa1
21
vulnerability VCID-qq68-3j4y-47am
22
vulnerability VCID-rb7c-3nkc-gkeg
23
vulnerability VCID-s5v6-e631-17f5
24
vulnerability VCID-u4t8-gkkb-73bv
25
vulnerability VCID-vbz3-3rqd-3fh6
26
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.7
aliases CVE-2021-27903, GHSA-x2j7-6hxm-87p3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1z8-7a8m-rfcc
12
url VCID-nz6e-26rc-f3fa
vulnerability_id VCID-nz6e-26rc-f3fa
summary 
Cross-site Scripting
Craft CMS has an XSS vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32470
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.561
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32470
1
reference_url https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security
2
reference_url https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32470
reference_id CVE-2021-32470
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32470
4
reference_url https://github.com/advisories/GHSA-h2rj-8wgg-mm43
reference_id GHSA-h2rj-8wgg-mm43
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h2rj-8wgg-mm43
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.13
purl pkg:composer/craftcms/cms@3.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-c2nk-y4rx-1qf4
8
vulnerability VCID-c9mw-1at1-ebaz
9
vulnerability VCID-chep-xthg-zuee
10
vulnerability VCID-cwm6-qf1f-2keb
11
vulnerability VCID-dz26-b2ts-puep
12
vulnerability VCID-ec34-nvn3-qbcb
13
vulnerability VCID-eecq-8t4y-kka3
14
vulnerability VCID-fpea-e48p-kfbn
15
vulnerability VCID-hkp9-3hzv-quhk
16
vulnerability VCID-hm7h-7cu3-8be1
17
vulnerability VCID-jhen-vhqx-n7dr
18
vulnerability VCID-jxet-d8ux-mkge
19
vulnerability VCID-qcwp-su57-9fa1
20
vulnerability VCID-qq68-3j4y-47am
21
vulnerability VCID-rb7c-3nkc-gkeg
22
vulnerability VCID-s5v6-e631-17f5
23
vulnerability VCID-u4t8-gkkb-73bv
24
vulnerability VCID-vbz3-3rqd-3fh6
25
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.13
aliases CVE-2021-32470, GHSA-h2rj-8wgg-mm43
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nz6e-26rc-f3fa
13
url VCID-qcwp-su57-9fa1
vulnerability_id VCID-qcwp-su57-9fa1
summary 
Improper Control of Generation of Code ('Code Injection')
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30179
reference_id
reference_type
scores
0
value 0.05499
scoring_system epss
scoring_elements 0.90401
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30179
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14
3
reference_url https://github.com/github/advisory-database/pull/2443
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2443
4
reference_url https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714
5
reference_url https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30179
reference_id CVE-2023-30179
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30179
7
reference_url https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection
reference_id CVE-2023-30179-SERVER-SIDE-TEMPLATE-INJECTION
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.2
purl pkg:composer/craftcms/cms@4.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-2vn9-2cs3-vbg3
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-4wkr-jx1w-77hn
5
vulnerability VCID-5cxe-tjpb-3qan
6
vulnerability VCID-5mnd-qvaq-k3am
7
vulnerability VCID-5pur-jy1x-gfhv
8
vulnerability VCID-6hcd-ayyh-3fdb
9
vulnerability VCID-71sv-62m4-z3er
10
vulnerability VCID-7y4f-ef7t-47eb
11
vulnerability VCID-83rt-3tyj-qbgx
12
vulnerability VCID-8u2j-17a4-q7eh
13
vulnerability VCID-9ca4-tbhq-27ad
14
vulnerability VCID-9enr-b6zd-mbh8
15
vulnerability VCID-aajd-9qsf-37cr
16
vulnerability VCID-akrv-yqnf-1kg8
17
vulnerability VCID-azr5-12f8-hfbm
18
vulnerability VCID-c2nk-y4rx-1qf4
19
vulnerability VCID-chep-xthg-zuee
20
vulnerability VCID-cys8-jnmu-77ec
21
vulnerability VCID-dz26-b2ts-puep
22
vulnerability VCID-e94m-mj1k-8kbr
23
vulnerability VCID-eaxm-rjr7-xudb
24
vulnerability VCID-ec34-nvn3-qbcb
25
vulnerability VCID-efwv-r3nc-73h9
26
vulnerability VCID-f7gc-cgka-tycr
27
vulnerability VCID-fpea-e48p-kfbn
28
vulnerability VCID-fpke-p7sz-nfc9
29
vulnerability VCID-gzry-xtu5-ukhu
30
vulnerability VCID-h6t5-pdp5-8qhe
31
vulnerability VCID-hkp9-3hzv-quhk
32
vulnerability VCID-hm7h-7cu3-8be1
33
vulnerability VCID-hyct-5gap-7kdu
34
vulnerability VCID-jeyh-3jxd-z3g6
35
vulnerability VCID-jhen-vhqx-n7dr
36
vulnerability VCID-jsfs-azcs-mfcm
37
vulnerability VCID-jxet-d8ux-mkge
38
vulnerability VCID-jxz8-g6fq-dubw
39
vulnerability VCID-kbrc-85av-nfcn
40
vulnerability VCID-m5rf-usae-yfb7
41
vulnerability VCID-nmzu-mefv-tqeh
42
vulnerability VCID-ppet-ruae-1kav
43
vulnerability VCID-qq68-3j4y-47am
44
vulnerability VCID-qwmy-d2e8-5khw
45
vulnerability VCID-qywv-vf4r-8bh9
46
vulnerability VCID-r5hp-5nju-9ubz
47
vulnerability VCID-rb7c-3nkc-gkeg
48
vulnerability VCID-rvrz-498f-2uet
49
vulnerability VCID-rzq4-h1ms-nqef
50
vulnerability VCID-sa99-8awj-eycd
51
vulnerability VCID-twuy-wzb7-k7g3
52
vulnerability VCID-tzjk-x116-ayge
53
vulnerability VCID-vasz-rnn1-67ev
54
vulnerability VCID-w9yn-1573-hyau
55
vulnerability VCID-wcx6-wed9-gub2
56
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.2
aliases CVE-2023-30179, GHSA-3x74-v64j-qc3f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcwp-su57-9fa1
14
url VCID-rx96-8kfy-4ugu
vulnerability_id VCID-rx96-8kfy-4ugu
summary 
Craft CMS possibility of brute force attempts
In Craft CMS before 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15929
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.58308
published_at 2026-06-04T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58355
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15929
1
reference_url https://github.com/craftcms/cms/blob/3.1.7/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.1.7/CHANGELOG-v3.md
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-15929
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-15929
3
reference_url https://github.com/advisories/GHSA-wvr4-w6cw-4px8
reference_id GHSA-wvr4-w6cw-4px8
reference_type
scores
url https://github.com/advisories/GHSA-wvr4-w6cw-4px8
fixed_packages
0
url pkg:composer/craftcms/cms@3.1.7
purl pkg:composer/craftcms/cms@3.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-9kjs-xj6x-y3gb
7
vulnerability VCID-aajd-9qsf-37cr
8
vulnerability VCID-adak-sn51-23gd
9
vulnerability VCID-c2nk-y4rx-1qf4
10
vulnerability VCID-cwm6-qf1f-2keb
11
vulnerability VCID-dz26-b2ts-puep
12
vulnerability VCID-ec34-nvn3-qbcb
13
vulnerability VCID-eecq-8t4y-kka3
14
vulnerability VCID-hm7h-7cu3-8be1
15
vulnerability VCID-jhen-vhqx-n7dr
16
vulnerability VCID-jxet-d8ux-mkge
17
vulnerability VCID-n1z8-7a8m-rfcc
18
vulnerability VCID-nz6e-26rc-f3fa
19
vulnerability VCID-qcwp-su57-9fa1
20
vulnerability VCID-qq68-3j4y-47am
21
vulnerability VCID-s5v6-e631-17f5
22
vulnerability VCID-u4t8-gkkb-73bv
23
vulnerability VCID-vbz3-3rqd-3fh6
24
vulnerability VCID-xc5n-1vqa-tqaz
25
vulnerability VCID-xv52-rc7v-yba8
26
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.7
aliases CVE-2019-15929, GHSA-wvr4-w6cw-4px8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rx96-8kfy-4ugu
15
url VCID-s5v6-e631-17f5
vulnerability_id VCID-s5v6-e631-17f5
summary 
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30130
reference_id
reference_type
scores
0
value 0.07135
scoring_system epss
scoring_elements 0.9171
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30130
1
reference_url https://craftcms.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://craftcms.com
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/
url https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1
4
reference_url https://craftcms.com/
reference_id craftcms.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/
url https://craftcms.com/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30130
reference_id CVE-2023-30130
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30130
6
reference_url https://github.com/advisories/GHSA-fjx5-xm7q-whvj
reference_id GHSA-fjx5-xm7q-whvj
reference_type
scores
url https://github.com/advisories/GHSA-fjx5-xm7q-whvj
fixed_packages
0
url pkg:composer/craftcms/cms@3.8.2
purl pkg:composer/craftcms/cms@3.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5mnd-qvaq-k3am
1
vulnerability VCID-5pur-jy1x-gfhv
2
vulnerability VCID-6hcd-ayyh-3fdb
3
vulnerability VCID-aajd-9qsf-37cr
4
vulnerability VCID-c2nk-y4rx-1qf4
5
vulnerability VCID-chep-xthg-zuee
6
vulnerability VCID-dz26-b2ts-puep
7
vulnerability VCID-ec34-nvn3-qbcb
8
vulnerability VCID-fpea-e48p-kfbn
9
vulnerability VCID-hkp9-3hzv-quhk
10
vulnerability VCID-hm7h-7cu3-8be1
11
vulnerability VCID-jhen-vhqx-n7dr
12
vulnerability VCID-jxet-d8ux-mkge
13
vulnerability VCID-qcwp-su57-9fa1
14
vulnerability VCID-qq68-3j4y-47am
15
vulnerability VCID-rb7c-3nkc-gkeg
16
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.2
aliases CVE-2023-30130, GHSA-fjx5-xm7q-whvj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5v6-e631-17f5
16
url VCID-u4t8-gkkb-73bv
vulnerability_id VCID-u4t8-gkkb-73bv
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in craftcms/cms.
references
0
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
1
reference_url https://github.com/advisories/GHSA-wf98-vxv9-jqfv
reference_id GHSA-wf98-vxv9-jqfv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf98-vxv9-jqfv
2
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv
reference_id GHSA-wf98-vxv9-jqfv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.29
purl pkg:composer/craftcms/cms@3.7.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41y2-tucq-ykaj
1
vulnerability VCID-5mnd-qvaq-k3am
2
vulnerability VCID-5pur-jy1x-gfhv
3
vulnerability VCID-6hcd-ayyh-3fdb
4
vulnerability VCID-8pjj-w8h7-p7ga
5
vulnerability VCID-aajd-9qsf-37cr
6
vulnerability VCID-c2nk-y4rx-1qf4
7
vulnerability VCID-chep-xthg-zuee
8
vulnerability VCID-cwm6-qf1f-2keb
9
vulnerability VCID-dz26-b2ts-puep
10
vulnerability VCID-ec34-nvn3-qbcb
11
vulnerability VCID-eecq-8t4y-kka3
12
vulnerability VCID-fpea-e48p-kfbn
13
vulnerability VCID-hkp9-3hzv-quhk
14
vulnerability VCID-hm7h-7cu3-8be1
15
vulnerability VCID-jhen-vhqx-n7dr
16
vulnerability VCID-jxet-d8ux-mkge
17
vulnerability VCID-qcwp-su57-9fa1
18
vulnerability VCID-qq68-3j4y-47am
19
vulnerability VCID-rb7c-3nkc-gkeg
20
vulnerability VCID-s5v6-e631-17f5
21
vulnerability VCID-vbz3-3rqd-3fh6
22
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29
aliases GHSA-wf98-vxv9-jqfv, GMS-2022-790
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4t8-gkkb-73bv
17
url VCID-vbz3-3rqd-3fh6
vulnerability_id VCID-vbz3-3rqd-3fh6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30177
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.56884
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30177
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T17:24:49Z/
url https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30177
reference_id CVE-2023-30177
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30177
4
reference_url https://github.com/advisories/GHSA-wv7j-rc2q-9j67
reference_id GHSA-wv7j-rc2q-9j67
reference_type
scores
url https://github.com/advisories/GHSA-wv7j-rc2q-9j67
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.68
purl pkg:composer/craftcms/cms@3.7.68
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5mnd-qvaq-k3am
1
vulnerability VCID-5pur-jy1x-gfhv
2
vulnerability VCID-6hcd-ayyh-3fdb
3
vulnerability VCID-aajd-9qsf-37cr
4
vulnerability VCID-c2nk-y4rx-1qf4
5
vulnerability VCID-chep-xthg-zuee
6
vulnerability VCID-dz26-b2ts-puep
7
vulnerability VCID-ec34-nvn3-qbcb
8
vulnerability VCID-fpea-e48p-kfbn
9
vulnerability VCID-hkp9-3hzv-quhk
10
vulnerability VCID-hm7h-7cu3-8be1
11
vulnerability VCID-jhen-vhqx-n7dr
12
vulnerability VCID-jxet-d8ux-mkge
13
vulnerability VCID-qcwp-su57-9fa1
14
vulnerability VCID-qq68-3j4y-47am
15
vulnerability VCID-rb7c-3nkc-gkeg
16
vulnerability VCID-s5v6-e631-17f5
17
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.68
aliases CVE-2023-30177, GHSA-wv7j-rc2q-9j67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbz3-3rqd-3fh6
18
url VCID-xc5n-1vqa-tqaz
vulnerability_id VCID-xc5n-1vqa-tqaz
summary 
Craft CMS Cross-site Scripting Vulnerability
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27902
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.62273
published_at 2026-06-05T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.62224
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27902
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
3
reference_url https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27902
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27902
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.0
purl pkg:composer/craftcms/cms@3.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-c2nk-y4rx-1qf4
8
vulnerability VCID-c9mw-1at1-ebaz
9
vulnerability VCID-chep-xthg-zuee
10
vulnerability VCID-cwm6-qf1f-2keb
11
vulnerability VCID-dz26-b2ts-puep
12
vulnerability VCID-ec34-nvn3-qbcb
13
vulnerability VCID-eecq-8t4y-kka3
14
vulnerability VCID-fpea-e48p-kfbn
15
vulnerability VCID-hkp9-3hzv-quhk
16
vulnerability VCID-hm7h-7cu3-8be1
17
vulnerability VCID-jhen-vhqx-n7dr
18
vulnerability VCID-jxet-d8ux-mkge
19
vulnerability VCID-n1z8-7a8m-rfcc
20
vulnerability VCID-nz6e-26rc-f3fa
21
vulnerability VCID-qcwp-su57-9fa1
22
vulnerability VCID-qq68-3j4y-47am
23
vulnerability VCID-rb7c-3nkc-gkeg
24
vulnerability VCID-s5v6-e631-17f5
25
vulnerability VCID-u4t8-gkkb-73bv
26
vulnerability VCID-vbz3-3rqd-3fh6
27
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.0
aliases CVE-2021-27902, GHSA-3jxh-789f-p7m6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xc5n-1vqa-tqaz
19
url VCID-xv52-rc7v-yba8
vulnerability_id VCID-xv52-rc7v-yba8
summary 
Injection Vulnerability
The `SEOmatic` component for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the `metacontainers` controller.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
reference_id
reference_type
scores
0
value 0.94276
scoring_system epss
scoring_elements 0.99941
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
1
reference_url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
2
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
3
reference_url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
5
reference_url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
reference_id CVE-2020-9757
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
7
reference_url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
reference_id GHSA-6q4j-8pjm-5mgc
reference_type
scores
url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
fixed_packages
0
url pkg:composer/craftcms/cms@3.3.0
purl pkg:composer/craftcms/cms@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-adak-sn51-23gd
8
vulnerability VCID-c2nk-y4rx-1qf4
9
vulnerability VCID-cwm6-qf1f-2keb
10
vulnerability VCID-dz26-b2ts-puep
11
vulnerability VCID-ec34-nvn3-qbcb
12
vulnerability VCID-eecq-8t4y-kka3
13
vulnerability VCID-hm7h-7cu3-8be1
14
vulnerability VCID-jhen-vhqx-n7dr
15
vulnerability VCID-jxet-d8ux-mkge
16
vulnerability VCID-n1z8-7a8m-rfcc
17
vulnerability VCID-nz6e-26rc-f3fa
18
vulnerability VCID-qcwp-su57-9fa1
19
vulnerability VCID-qq68-3j4y-47am
20
vulnerability VCID-s5v6-e631-17f5
21
vulnerability VCID-u4t8-gkkb-73bv
22
vulnerability VCID-vbz3-3rqd-3fh6
23
vulnerability VCID-xc5n-1vqa-tqaz
24
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0
aliases CVE-2020-9757, GHSA-6q4j-8pjm-5mgc
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv52-rc7v-yba8
20
url VCID-y99n-vz47-qyfh
vulnerability_id VCID-y99n-vz47-qyfh
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36259
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.25129
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36259
1
reference_url https://github.com/sjelfull/craft-audit
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sjelfull/craft-audit
2
reference_url https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
3
reference_url https://github.com/sjelfull/craft-audit/pull/73
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:02Z/
url https://github.com/sjelfull/craft-audit/pull/73
4
reference_url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:02Z/
url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36259
reference_id CVE-2023-36259
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36259
6
reference_url https://github.com/advisories/GHSA-v89q-c273-3p42
reference_id GHSA-v89q-c273-3p42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v89q-c273-3p42
fixed_packages
0
url pkg:composer/craftcms/cms@3.0.2
purl pkg:composer/craftcms/cms@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-3twn-e7up-2ugq
2
vulnerability VCID-41y2-tucq-ykaj
3
vulnerability VCID-5mnd-qvaq-k3am
4
vulnerability VCID-5pur-jy1x-gfhv
5
vulnerability VCID-6hcd-ayyh-3fdb
6
vulnerability VCID-8pjj-w8h7-p7ga
7
vulnerability VCID-9kjs-xj6x-y3gb
8
vulnerability VCID-aajd-9qsf-37cr
9
vulnerability VCID-adak-sn51-23gd
10
vulnerability VCID-c2nk-y4rx-1qf4
11
vulnerability VCID-cwm6-qf1f-2keb
12
vulnerability VCID-dz26-b2ts-puep
13
vulnerability VCID-ec34-nvn3-qbcb
14
vulnerability VCID-eecq-8t4y-kka3
15
vulnerability VCID-hm7h-7cu3-8be1
16
vulnerability VCID-jhen-vhqx-n7dr
17
vulnerability VCID-jxet-d8ux-mkge
18
vulnerability VCID-n1z8-7a8m-rfcc
19
vulnerability VCID-nz6e-26rc-f3fa
20
vulnerability VCID-qcwp-su57-9fa1
21
vulnerability VCID-qq68-3j4y-47am
22
vulnerability VCID-rx96-8kfy-4ugu
23
vulnerability VCID-s5v6-e631-17f5
24
vulnerability VCID-u4t8-gkkb-73bv
25
vulnerability VCID-vbz3-3rqd-3fh6
26
vulnerability VCID-xc5n-1vqa-tqaz
27
vulnerability VCID-xv52-rc7v-yba8
28
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.2
aliases CVE-2023-36259, GHSA-v89q-c273-3p42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y99n-vz47-qyfh
21
url VCID-ymw8-mvrz-e7bc
vulnerability_id VCID-ymw8-mvrz-e7bc
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2817
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56831
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2817
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/
url https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb
3
reference_url https://www.tenable.com/security/research/tra-2023-20
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/research/tra-2023-20
4
reference_url https://www.tenable.com/security/research/tra-2023-20,
reference_id
reference_type
scores
url https://www.tenable.com/security/research/tra-2023-20,
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2817
reference_id CVE-2023-2817
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2817
6
reference_url https://www.tenable.com/security/research/tra-2023-20%2C
reference_id tra-2023-20%2C
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/
url https://www.tenable.com/security/research/tra-2023-20%2C
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.12
purl pkg:composer/craftcms/cms@4.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-41uv-1axm-fugb
3
vulnerability VCID-4wkr-jx1w-77hn
4
vulnerability VCID-5cxe-tjpb-3qan
5
vulnerability VCID-5mnd-qvaq-k3am
6
vulnerability VCID-71sv-62m4-z3er
7
vulnerability VCID-7y4f-ef7t-47eb
8
vulnerability VCID-83rt-3tyj-qbgx
9
vulnerability VCID-8u2j-17a4-q7eh
10
vulnerability VCID-9ca4-tbhq-27ad
11
vulnerability VCID-9enr-b6zd-mbh8
12
vulnerability VCID-akrv-yqnf-1kg8
13
vulnerability VCID-azr5-12f8-hfbm
14
vulnerability VCID-c2nk-y4rx-1qf4
15
vulnerability VCID-chep-xthg-zuee
16
vulnerability VCID-cys8-jnmu-77ec
17
vulnerability VCID-dz26-b2ts-puep
18
vulnerability VCID-e94m-mj1k-8kbr
19
vulnerability VCID-eaxm-rjr7-xudb
20
vulnerability VCID-ec34-nvn3-qbcb
21
vulnerability VCID-efwv-r3nc-73h9
22
vulnerability VCID-f7gc-cgka-tycr
23
vulnerability VCID-fpea-e48p-kfbn
24
vulnerability VCID-fpke-p7sz-nfc9
25
vulnerability VCID-gzry-xtu5-ukhu
26
vulnerability VCID-h6t5-pdp5-8qhe
27
vulnerability VCID-hkp9-3hzv-quhk
28
vulnerability VCID-hyct-5gap-7kdu
29
vulnerability VCID-jeyh-3jxd-z3g6
30
vulnerability VCID-jhen-vhqx-n7dr
31
vulnerability VCID-jsfs-azcs-mfcm
32
vulnerability VCID-jxet-d8ux-mkge
33
vulnerability VCID-jxz8-g6fq-dubw
34
vulnerability VCID-kbrc-85av-nfcn
35
vulnerability VCID-m5rf-usae-yfb7
36
vulnerability VCID-nmzu-mefv-tqeh
37
vulnerability VCID-ppet-ruae-1kav
38
vulnerability VCID-qq68-3j4y-47am
39
vulnerability VCID-qwmy-d2e8-5khw
40
vulnerability VCID-qywv-vf4r-8bh9
41
vulnerability VCID-r5hp-5nju-9ubz
42
vulnerability VCID-rb7c-3nkc-gkeg
43
vulnerability VCID-rzq4-h1ms-nqef
44
vulnerability VCID-sa99-8awj-eycd
45
vulnerability VCID-twuy-wzb7-k7g3
46
vulnerability VCID-tzjk-x116-ayge
47
vulnerability VCID-vasz-rnn1-67ev
48
vulnerability VCID-w9yn-1573-hyau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.12
aliases CVE-2023-2817, GHSA-7x94-jx75-3gh6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymw8-mvrz-e7bc
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2985