| 0 |
| url |
VCID-118v-keeb-f7a6 |
| vulnerability_id |
VCID-118v-keeb-f7a6 |
| summary |
Craft CMS Cross-site Scripting Vulnerability |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.6.13 |
| purl |
pkg:composer/craftcms/cms@3.6.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 1 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9wmc-pstb-ykfq |
|
| 6 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 7 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 8 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 9 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 10 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 11 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 12 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 13 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 14 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 15 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 16 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 17 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 18 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 19 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 20 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 21 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 22 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 23 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 24 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 25 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.13 |
|
|
| aliases |
CVE-2021-32470, GHSA-h2rj-8wgg-mm43
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-118v-keeb-f7a6 |
|
| 1 |
| url |
VCID-3asf-kngu-ybf6 |
| vulnerability_id |
VCID-3asf-kngu-ybf6 |
| summary |
Improper account password reset in Craft CMS |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.36 |
| purl |
pkg:composer/craftcms/cms@3.7.36 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 1 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 6 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 7 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 9 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 10 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 11 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 12 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 13 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 14 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 15 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 16 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 17 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 18 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 19 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 20 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.36 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@3.7.37 |
| purl |
pkg:composer/craftcms/cms@3.7.37 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 8 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 9 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 10 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 11 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 12 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 13 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 14 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 15 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 16 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 17 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 18 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 19 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.37 |
|
|
| aliases |
CVE-2022-29933, GHSA-5cjr-78cq-3wrg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3asf-kngu-ybf6 |
|
| 2 |
| url |
VCID-8kdh-rvh3-4yfv |
| vulnerability_id |
VCID-8kdh-rvh3-4yfv |
| summary |
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@4.16.17 |
| purl |
pkg:composer/craftcms/cms@4.16.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 13 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 14 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 17 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 18 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 19 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 20 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 27 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 28 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 29 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 30 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 31 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 32 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 33 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 34 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@5.8.21 |
| purl |
pkg:composer/craftcms/cms@5.8.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 12 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 20 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 21 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 22 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 23 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 24 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 25 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 26 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 27 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 28 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 29 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 30 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 31 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 32 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 33 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 34 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 35 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 36 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 37 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 38 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 41 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 42 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21 |
|
|
| aliases |
CVE-2025-68456, GHSA-v64r-7wg9-23pr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8kdh-rvh3-4yfv |
|
| 3 |
| url |
VCID-8qus-7xen-hubb |
| vulnerability_id |
VCID-8qus-7xen-hubb |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.3.0 |
| purl |
pkg:composer/craftcms/cms@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 8 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 9 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 10 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 11 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 12 |
| vulnerability |
VCID-g7s1-n3qt-b3au |
|
| 13 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 14 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 15 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 16 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 17 |
| vulnerability |
VCID-nfvy-nma3-6qbp |
|
| 18 |
| vulnerability |
VCID-pdt2-ckb1-z3a8 |
|
| 19 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 20 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 21 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 22 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 23 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 24 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0 |
|
|
| aliases |
CVE-2020-9757, GHSA-6q4j-8pjm-5mgc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8qus-7xen-hubb |
|
| 4 |
| url |
VCID-9fqv-dg3y-wbbf |
| vulnerability_id |
VCID-9fqv-dg3y-wbbf |
| summary |
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.8.6 |
| purl |
pkg:composer/craftcms/cms@3.8.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 4 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 5 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 6 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 7 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 8 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 9 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 10 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 11 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 12 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 13 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 14 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.6 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.4.6 |
| purl |
pkg:composer/craftcms/cms@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9krv-seyq-juez |
|
| 12 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 13 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 14 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 15 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 16 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 17 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 18 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 22 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 23 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 24 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 25 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 26 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 27 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 28 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 29 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 30 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 31 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 32 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 33 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 34 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 35 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 36 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 37 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 38 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 39 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 40 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 41 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 42 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 43 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 44 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 45 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 46 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 47 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 48 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 49 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 50 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 51 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6 |
|
|
| aliases |
CVE-2023-33194, GHSA-3wxg-w96j-8hq9
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9fqv-dg3y-wbbf |
|
| 5 |
| url |
VCID-9yny-vu36-tyes |
| vulnerability_id |
VCID-9yny-vu36-tyes |
| summary |
Craft CMS through 4.4.9 is vulnerable to HTML Injection. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@4.4.10 |
| purl |
pkg:composer/craftcms/cms@4.4.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 12 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 13 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 14 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 15 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 16 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 23 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 24 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 25 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 26 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 27 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 28 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 29 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 30 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 31 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 32 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 33 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 34 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 35 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 36 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 37 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 38 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 39 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 40 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 41 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 42 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 45 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 46 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 47 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 48 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 49 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.10 |
|
|
| aliases |
CVE-2023-33495, GHSA-m3v5-gjj9-rg24
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9yny-vu36-tyes |
|
| 6 |
| url |
VCID-a9bc-cgqq-jkfh |
| vulnerability_id |
VCID-a9bc-cgqq-jkfh |
| summary |
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.4.15 |
| purl |
pkg:composer/craftcms/cms@4.4.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 15 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 16 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 17 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 18 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 19 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 20 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 21 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 22 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 23 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 24 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 25 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 26 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 27 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 28 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 33 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 34 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 35 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 36 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 37 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 38 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 41 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 42 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 43 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 44 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 45 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 46 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15 |
|
|
| aliases |
CVE-2023-40035, GHSA-44wr-rmwq-3phw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a9bc-cgqq-jkfh |
|
| 7 |
| url |
VCID-ad7v-5hxr-s3a4 |
| vulnerability_id |
VCID-ad7v-5hxr-s3a4 |
| summary |
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@4.4.6 |
| purl |
pkg:composer/craftcms/cms@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9krv-seyq-juez |
|
| 12 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 13 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 14 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 15 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 16 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 17 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 18 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 22 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 23 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 24 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 25 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 26 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 27 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 28 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 29 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 30 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 31 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 32 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 33 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 34 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 35 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 36 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 37 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 38 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 39 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 40 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 41 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 42 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 43 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 44 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 45 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 46 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 47 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 48 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 49 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 50 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 51 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6 |
|
|
| aliases |
CVE-2023-33197, GHSA-6qjx-787v-6pxr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| url |
VCID-aujg-14fc-1qeb |
| vulnerability_id |
VCID-aujg-14fc-1qeb |
| summary |
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.68 |
| purl |
pkg:composer/craftcms/cms@3.7.68 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 8 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 9 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 10 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 11 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 12 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 13 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 14 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 15 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 16 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 17 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.68 |
|
|
| aliases |
CVE-2023-30177, GHSA-wv7j-rc2q-9j67
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aujg-14fc-1qeb |
|
| 9 |
| url |
VCID-cneu-aazx-byfq |
| vulnerability_id |
VCID-cneu-aazx-byfq |
| summary |
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@4.4.2 |
| purl |
pkg:composer/craftcms/cms@4.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 12 |
| vulnerability |
VCID-9krv-seyq-juez |
|
| 13 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 14 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 15 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 16 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 17 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 18 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 19 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 20 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 21 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 22 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 23 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 24 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 25 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 26 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 27 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 28 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 29 |
| vulnerability |
VCID-h3za-7cd7-vkav |
|
| 30 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 31 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 32 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 33 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 34 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 35 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 36 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 37 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 38 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 39 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 40 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 41 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 42 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 43 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 44 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 45 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 46 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 47 |
| vulnerability |
VCID-tf8p-xrne-8qfg |
|
| 48 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 49 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 50 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 51 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 52 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 53 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 54 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 55 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 56 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.2 |
|
|
| aliases |
CVE-2023-30179, GHSA-3x74-v64j-qc3f
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cneu-aazx-byfq |
|
| 10 |
| url |
VCID-czuy-m8wp-fka2 |
| vulnerability_id |
VCID-czuy-m8wp-fka2 |
| summary |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.14.15 |
| purl |
pkg:composer/craftcms/cms@4.14.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 25 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 26 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 27 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 28 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 29 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 30 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 31 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 32 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 33 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 34 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 35 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 36 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 37 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 38 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 39 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 40 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 41 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.14.15 |
|
| 2 |
| url |
pkg:composer/craftcms/cms@5.6.17 |
| purl |
pkg:composer/craftcms/cms@5.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 12 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 13 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 14 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 15 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 29 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 30 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 31 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 32 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 33 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 34 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 35 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 36 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 37 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 38 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 42 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 43 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 44 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 45 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.6.17 |
|
|
| aliases |
CVE-2025-32432, GHSA-f3gw-9ww9-jmc3
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czuy-m8wp-fka2 |
|
| 11 |
| url |
VCID-e4ep-2ng5-1kbm |
| vulnerability_id |
VCID-e4ep-2ng5-1kbm |
| summary |
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://craftcms.com |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://craftcms.com |
|
| 2 |
|
| 3 |
| reference_url |
https://craftcms.com/ |
| reference_id |
craftcms.com |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/ |
|
|
| url |
https://craftcms.com/ |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.8.2 |
| purl |
pkg:composer/craftcms/cms@3.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 8 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 9 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 10 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 11 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 12 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 13 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 14 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 15 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 16 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.2 |
|
|
| aliases |
CVE-2023-30130, GHSA-fjx5-xm7q-whvj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ep-2ng5-1kbm |
|
| 12 |
| url |
VCID-fs3m-av1v-fuf1 |
| vulnerability_id |
VCID-fs3m-av1v-fuf1 |
| summary |
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/craftcms/cms/pull/17220 |
| reference_id |
17220 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/17220 |
|
| 5 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/4.15.3 |
| reference_id |
4.15.3 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/4.15.3 |
|
| 6 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/5.7.5 |
| reference_id |
5.7.5 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/5.7.5 |
|
| 7 |
| reference_url |
https://www.cve.org/CVERecord?id=CVE-2025-35939 |
| reference_id |
CVERecord?id=CVE-2025-35939 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://www.cve.org/CVERecord?id=CVE-2025-35939 |
|
| 8 |
|
| 9 |
| reference_url |
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json |
| reference_id |
va-25-147-01.json |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
|
| url |
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@4.15.3 |
| purl |
pkg:composer/craftcms/cms@4.15.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 14 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 15 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 16 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 17 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 25 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 26 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 27 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 28 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 29 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 30 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 31 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 32 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 33 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 34 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 35 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 36 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 37 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 38 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 39 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 40 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 41 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.15.3 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@5.7.5 |
| purl |
pkg:composer/craftcms/cms@5.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 12 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 13 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 14 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 15 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 16 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 17 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 29 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 30 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 31 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 32 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 33 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 34 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 35 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 36 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 37 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 38 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 42 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 43 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 44 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 45 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5 |
|
|
| aliases |
CVE-2025-35939, GHSA-7vrx-9684-xrf2
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fs3m-av1v-fuf1 |
|
| 13 |
| url |
VCID-g7s1-n3qt-b3au |
| vulnerability_id |
VCID-g7s1-n3qt-b3au |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.6.7 |
| purl |
pkg:composer/craftcms/cms@3.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 3 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 4 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 5 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 6 |
| vulnerability |
VCID-9wmc-pstb-ykfq |
|
| 7 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 8 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 9 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 10 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 11 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 12 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 13 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 14 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 15 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 16 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 17 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 18 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 19 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 20 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 21 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 22 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 23 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 24 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 25 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 26 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.7 |
|
|
| aliases |
CVE-2021-27903, GHSA-x2j7-6hxm-87p3
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g7s1-n3qt-b3au |
|
| 14 |
| url |
VCID-hh13-6e1x-p7ez |
| vulnerability_id |
VCID-hh13-6e1x-p7ez |
| summary |
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@4.4.12 |
| purl |
pkg:composer/craftcms/cms@4.4.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 12 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 13 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 14 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 15 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 16 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 23 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 24 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 25 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 26 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 27 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 28 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 29 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 30 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 31 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 32 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 33 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 34 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 35 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 36 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 37 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 38 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 39 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 40 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 41 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 42 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 43 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.12 |
|
|
| aliases |
CVE-2023-2817, GHSA-7x94-jx75-3gh6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hh13-6e1x-p7ez |
|
| 15 |
| url |
VCID-jwj3-be5u-cfa6 |
| vulnerability_id |
VCID-jwj3-be5u-cfa6 |
| summary |
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.33 |
| purl |
pkg:composer/craftcms/cms@3.7.33 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 8 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 9 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 10 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 11 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 12 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 13 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 14 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 15 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 16 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 17 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 18 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 19 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.33 |
|
|
| aliases |
CVE-2022-37783, GHSA-h972-v458-m892
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jwj3-be5u-cfa6 |
|
| 16 |
| url |
VCID-k8na-x3nm-hkav |
| vulnerability_id |
VCID-k8na-x3nm-hkav |
| summary |
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.32 |
| purl |
pkg:composer/craftcms/cms@3.7.32 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 1 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 6 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 7 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 9 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 10 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 11 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 12 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 13 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 14 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 15 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 16 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 17 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 18 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 19 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 20 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 21 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.32 |
|
|
| aliases |
CVE-2024-37843, GHSA-hq4f-mv3q-8wcv
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8na-x3nm-hkav |
|
| 17 |
| url |
VCID-mhqg-hey8-6bee |
| vulnerability_id |
VCID-mhqg-hey8-6bee |
| summary |
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security." |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.7.0 |
| purl |
pkg:composer/craftcms/cms@4.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 18 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 22 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 23 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 24 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 25 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 26 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 27 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 28 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 29 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 30 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 31 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 32 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 33 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 34 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 35 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 36 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 37 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 38 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 39 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 40 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 41 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 42 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 43 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 44 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 45 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 46 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 47 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.7.0 |
|
|
| aliases |
CVE-2023-36260, GHSA-6p78-f7h9-6838
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqg-hey8-6bee |
|
| 18 |
| url |
VCID-nfvy-nma3-6qbp |
| vulnerability_id |
VCID-nfvy-nma3-6qbp |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.6.0 |
| purl |
pkg:composer/craftcms/cms@3.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 3 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 4 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 5 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 6 |
| vulnerability |
VCID-9wmc-pstb-ykfq |
|
| 7 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 8 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 9 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 10 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 11 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 12 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 13 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 14 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 15 |
| vulnerability |
VCID-g7s1-n3qt-b3au |
|
| 16 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 17 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 18 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 19 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 20 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 21 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 22 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 23 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 24 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 25 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 26 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 27 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.0 |
|
|
| aliases |
CVE-2021-27902, GHSA-3jxh-789f-p7m6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nfvy-nma3-6qbp |
|
| 19 |
| url |
VCID-njef-qb7s-cub8 |
| vulnerability_id |
VCID-njef-qb7s-cub8 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.0.35 |
| purl |
pkg:composer/craftcms/cms@3.0.35 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8qus-7xen-hubb |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 6 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 7 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 9 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 10 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 11 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 12 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 13 |
| vulnerability |
VCID-g7s1-n3qt-b3au |
|
| 14 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 15 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 16 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 17 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 18 |
| vulnerability |
VCID-nfvy-nma3-6qbp |
|
| 19 |
| vulnerability |
VCID-pdt2-ckb1-z3a8 |
|
| 20 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 21 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 22 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 23 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 24 |
| vulnerability |
VCID-wjjk-6bpu-7qd8 |
|
| 25 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 26 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
| 27 |
| vulnerability |
VCID-xk93-69dj-9ufm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.35 |
|
|
| aliases |
CVE-2018-20465, GHSA-j7fx-v37j-v3w7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-njef-qb7s-cub8 |
|
| 20 |
| url |
VCID-pdt2-ckb1-z3a8 |
| vulnerability_id |
VCID-pdt2-ckb1-z3a8 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.3.8 |
| purl |
pkg:composer/craftcms/cms@3.3.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 8 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 9 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 10 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 11 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 12 |
| vulnerability |
VCID-g7s1-n3qt-b3au |
|
| 13 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 14 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 15 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 16 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 17 |
| vulnerability |
VCID-nfvy-nma3-6qbp |
|
| 18 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 19 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 20 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 21 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 22 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 23 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.8 |
|
|
| aliases |
CVE-2019-17496, GHSA-f3xr-q258-h7m9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pdt2-ckb1-z3a8 |
|
| 21 |
| url |
VCID-sdtn-nzaq-e3cb |
| vulnerability_id |
VCID-sdtn-nzaq-e3cb |
| summary |
XSS Injection Vulnerability |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.29 |
| purl |
pkg:composer/craftcms/cms@3.7.29 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 1 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 6 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 7 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 9 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 10 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 11 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 12 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 13 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 14 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 15 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 16 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 17 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 18 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 19 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 20 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 21 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 22 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29 |
|
|
| aliases |
GHSA-wf98-vxv9-jqfv, GMS-2022-790
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sdtn-nzaq-e3cb |
|
| 22 |
| url |
VCID-t37k-f7k1-gyhz |
| vulnerability_id |
VCID-t37k-f7k1-gyhz |
| summary |
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.64 |
| purl |
pkg:composer/craftcms/cms@3.7.64 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 8 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 9 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 10 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 11 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 12 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 13 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 14 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 15 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 16 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 17 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 18 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 19 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.64 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.3.7 |
| purl |
pkg:composer/craftcms/cms@4.3.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 12 |
| vulnerability |
VCID-9krv-seyq-juez |
|
| 13 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 14 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 15 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 16 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 17 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 18 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 19 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 20 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 21 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 22 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 23 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 24 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 25 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 26 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 27 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 28 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 29 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 30 |
| vulnerability |
VCID-h3za-7cd7-vkav |
|
| 31 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 32 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 33 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 34 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 35 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 36 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 37 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 38 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 39 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 40 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 41 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 42 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 43 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 44 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 45 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 46 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 47 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 48 |
| vulnerability |
VCID-tf8p-xrne-8qfg |
|
| 49 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 50 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 51 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 52 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 53 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 54 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 55 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 56 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 57 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.3.7 |
|
|
| aliases |
CVE-2023-23927, GHSA-qcrj-6ffc-v7hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t37k-f7k1-gyhz |
|
| 23 |
| url |
VCID-vvej-1fex-kqdn |
| vulnerability_id |
VCID-vvej-1fex-kqdn |
| summary |
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.8.4 |
| purl |
pkg:composer/craftcms/cms@3.8.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 1 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 2 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 3 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 4 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 5 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 6 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 7 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 8 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 9 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 10 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 11 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 12 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 13 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 14 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 15 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.4 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.4.4 |
| purl |
pkg:composer/craftcms/cms@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 4 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 5 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 6 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 7 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 8 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 9 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 12 |
| vulnerability |
VCID-9krv-seyq-juez |
|
| 13 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 14 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 15 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 16 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 17 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 18 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 19 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 20 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 21 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 22 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 23 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 24 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 25 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 26 |
| vulnerability |
VCID-gjvb-ht1w-s3hm |
|
| 27 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 28 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 29 |
| vulnerability |
VCID-h3za-7cd7-vkav |
|
| 30 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 31 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 32 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 33 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 34 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 35 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 36 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 37 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 38 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 39 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 40 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 41 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 42 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 43 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 44 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 45 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 46 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 47 |
| vulnerability |
VCID-tf8p-xrne-8qfg |
|
| 48 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 49 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 50 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 51 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 52 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 53 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 54 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 55 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.4 |
|
|
| aliases |
CVE-2023-31144, GHSA-j4mx-98hw-6rv6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vvej-1fex-kqdn |
|
| 24 |
| url |
VCID-wcsx-j8xk-r7c7 |
| vulnerability_id |
VCID-wcsx-j8xk-r7c7 |
| summary |
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.5.11 |
| purl |
pkg:composer/craftcms/cms@4.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 18 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 22 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 23 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 24 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 25 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 26 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 27 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 28 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 29 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 30 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 31 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 32 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 33 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 34 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 35 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 36 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 37 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 38 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 39 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 40 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 41 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 42 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11 |
|
|
| aliases |
CVE-2024-21622, GHSA-j5g9-j7r4-6qvx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wcsx-j8xk-r7c7 |
|
| 25 |
| url |
VCID-wjjk-6bpu-7qd8 |
| vulnerability_id |
VCID-wjjk-6bpu-7qd8 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.1.7 |
| purl |
pkg:composer/craftcms/cms@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8qus-7xen-hubb |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 6 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 7 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 9 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 10 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 11 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 12 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 13 |
| vulnerability |
VCID-g7s1-n3qt-b3au |
|
| 14 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 15 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 16 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 17 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 18 |
| vulnerability |
VCID-nfvy-nma3-6qbp |
|
| 19 |
| vulnerability |
VCID-pdt2-ckb1-z3a8 |
|
| 20 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 21 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 22 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 23 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 24 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 25 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
| 26 |
| vulnerability |
VCID-xk93-69dj-9ufm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.7 |
|
|
| aliases |
CVE-2019-15929, GHSA-wvr4-w6cw-4px8
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wjjk-6bpu-7qd8 |
|
| 26 |
| url |
VCID-x12b-mjr9-sba2 |
| vulnerability_id |
VCID-x12b-mjr9-sba2 |
| summary |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 |
| reference_id |
GHSA-2p6p-9rc9-62j9 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/ |
|
|
| url |
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/craftcms/cms@4.13.2 |
| purl |
pkg:composer/craftcms/cms@4.13.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 18 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 22 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 23 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 24 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 33 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 34 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 35 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 36 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 37 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 38 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 41 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 42 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 43 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.13.2 |
|
| 2 |
| url |
pkg:composer/craftcms/cms@5.5.2 |
| purl |
pkg:composer/craftcms/cms@5.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 33 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 34 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 35 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 36 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 37 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 38 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 42 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 46 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 47 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.5.2 |
|
|
| aliases |
CVE-2024-56145, GHSA-2p6p-9rc9-62j9
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x12b-mjr9-sba2 |
|
| 27 |
| url |
VCID-x6d2-n97u-8ke1 |
| vulnerability_id |
VCID-x6d2-n97u-8ke1 |
| summary |
Cross-site Scripting in craftcms/cms |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.7.29 |
| purl |
pkg:composer/craftcms/cms@3.7.29 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 1 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 2 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 3 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 4 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 5 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 6 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 7 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 8 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 9 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 10 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 11 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 12 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 13 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 14 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 15 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 16 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 17 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 18 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 19 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 20 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 21 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 22 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29 |
|
|
| aliases |
CVE-2022-28378, GHSA-7xj5-fwqr-5378
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x6d2-n97u-8ke1 |
|
| 28 |
| url |
VCID-xk93-69dj-9ufm |
| vulnerability_id |
VCID-xk93-69dj-9ufm |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@3.1.31 |
| purl |
pkg:composer/craftcms/cms@3.1.31 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-118v-keeb-f7a6 |
|
| 1 |
| vulnerability |
VCID-3asf-kngu-ybf6 |
|
| 2 |
| vulnerability |
VCID-5r1t-9sdm-j3cf |
|
| 3 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 4 |
| vulnerability |
VCID-8qus-7xen-hubb |
|
| 5 |
| vulnerability |
VCID-9fqv-dg3y-wbbf |
|
| 6 |
| vulnerability |
VCID-9yny-vu36-tyes |
|
| 7 |
| vulnerability |
VCID-a9bc-cgqq-jkfh |
|
| 8 |
| vulnerability |
VCID-ad7v-5hxr-s3a4 |
|
| 9 |
| vulnerability |
VCID-aujg-14fc-1qeb |
|
| 10 |
| vulnerability |
VCID-cneu-aazx-byfq |
|
| 11 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 12 |
| vulnerability |
VCID-e4ep-2ng5-1kbm |
|
| 13 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 14 |
| vulnerability |
VCID-g7s1-n3qt-b3au |
|
| 15 |
| vulnerability |
VCID-hh13-6e1x-p7ez |
|
| 16 |
| vulnerability |
VCID-jwj3-be5u-cfa6 |
|
| 17 |
| vulnerability |
VCID-k8na-x3nm-hkav |
|
| 18 |
| vulnerability |
VCID-mhqg-hey8-6bee |
|
| 19 |
| vulnerability |
VCID-nfvy-nma3-6qbp |
|
| 20 |
| vulnerability |
VCID-pdt2-ckb1-z3a8 |
|
| 21 |
| vulnerability |
VCID-sdtn-nzaq-e3cb |
|
| 22 |
| vulnerability |
VCID-t37k-f7k1-gyhz |
|
| 23 |
| vulnerability |
VCID-vvej-1fex-kqdn |
|
| 24 |
| vulnerability |
VCID-wcsx-j8xk-r7c7 |
|
| 25 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 26 |
| vulnerability |
VCID-x6d2-n97u-8ke1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.31 |
|
|
| aliases |
CVE-2019-12823, GHSA-w5q4-q7wp-qww6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xk93-69dj-9ufm |
|