Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/455228?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/455228?format=api", "purl": "pkg:composer/craftcms/cms@3.2.0", "type": "composer", "namespace": "craftcms", "name": "cms", "version": "3.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.17.12", "latest_non_vulnerable_version": "5.9.18", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208536?format=api", "vulnerability_id": "VCID-118v-keeb-f7a6", "summary": "Craft CMS Cross-site Scripting Vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56291", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56172", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32470" }, { "reference_url": "https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security" }, { "reference_url": "https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32470", "reference_id": "CVE-2021-32470", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32470" }, { "reference_url": "https://github.com/advisories/GHSA-h2rj-8wgg-mm43", "reference_id": "GHSA-h2rj-8wgg-mm43", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2rj-8wgg-mm43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19779?format=api", "purl": "pkg:composer/craftcms/cms@3.6.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9wmc-pstb-ykfq" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-sdtn-nzaq-e3cb" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x6d2-n97u-8ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.13" } ], "aliases": [ "CVE-2021-32470", "GHSA-h2rj-8wgg-mm43" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-118v-keeb-f7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209319?format=api", "vulnerability_id": "VCID-3asf-kngu-ybf6", "summary": "Improper account password reset in Craft CMS", "references": [ { "reference_url": "http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02319", "scoring_system": "epss", "scoring_elements": "0.85141", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02319", "scoring_system": "epss", "scoring_elements": "0.85193", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29933" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md" }, { "reference_url": "https://sec-consult.com/vulnerability-lab", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sec-consult.com/vulnerability-lab" }, { "reference_url": "https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms" }, { "reference_url": "https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29933", "reference_id": "CVE-2022-29933", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29933" }, { "reference_url": "https://github.com/advisories/GHSA-5cjr-78cq-3wrg", "reference_id": "GHSA-5cjr-78cq-3wrg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5cjr-78cq-3wrg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20848?format=api", "purl": "pkg:composer/craftcms/cms@3.7.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/392449?format=api", "purl": "pkg:composer/craftcms/cms@3.7.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.37" } ], "aliases": [ "CVE-2022-29933", "GHSA-5cjr-78cq-3wrg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3asf-kngu-ybf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93304?format=api", "vulnerability_id": "VCID-8kdh-rvh3-4yfv", "summary": "Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44159", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44006", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68456" }, { "reference_url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04", "reference_id": "CHANGELOG.md#5821---2025-12-04", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/" } ], "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68456", "reference_id": "CVE-2025-68456", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68456" }, { "reference_url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39", "reference_id": "f83d4e0c6b906743206b4747db4abf8164b8da39", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/" } ], "url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39" }, { "reference_url": "https://github.com/advisories/GHSA-v64r-7wg9-23pr", "reference_id": "GHSA-v64r-7wg9-23pr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v64r-7wg9-23pr" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr", "reference_id": "GHSA-v64r-7wg9-23pr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36519?format=api", "purl": "pkg:composer/craftcms/cms@4.16.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9yzy-78sh-xydu" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/36516?format=api", "purl": "pkg:composer/craftcms/cms@5.8.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-6bwp-2ksu-xucy" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9yzy-78sh-xydu" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h9fr-63qv-bffn" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qr5e-wjjt-zudz" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-sswc-d2f8-zyc9" }, { "vulnerability": "VCID-tte6-fheg-g7hg" }, { "vulnerability": "VCID-up4q-hz23-vkcn" }, { "vulnerability": "VCID-uxc7-pe63-2khp" }, { "vulnerability": "VCID-vj1t-r17b-rufc" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21" } ], "aliases": [ "CVE-2025-68456", "GHSA-v64r-7wg9-23pr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kdh-rvh3-4yfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/332283?format=api", "vulnerability_id": "VCID-8qus-7xen-hubb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94276", "scoring_system": "epss", "scoring_elements": "0.99941", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9757" }, { "reference_url": "https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt" }, { "reference_url": "https://github.com/nystudio107/craft-seomatic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nystudio107/craft-seomatic" }, { "reference_url": "https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md" }, { "reference_url": "https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b" }, { "reference_url": "https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9757", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9757" }, { "reference_url": "https://github.com/advisories/GHSA-6q4j-8pjm-5mgc", "reference_id": "GHSA-6q4j-8pjm-5mgc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q4j-8pjm-5mgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/455241?format=api", "purl": "pkg:composer/craftcms/cms@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-118v-keeb-f7a6" }, { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g7s1-n3qt-b3au" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nfvy-nma3-6qbp" }, { "vulnerability": "VCID-pdt2-ckb1-z3a8" }, { "vulnerability": "VCID-sdtn-nzaq-e3cb" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x6d2-n97u-8ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0" } ], "aliases": [ "CVE-2020-9757", "GHSA-6q4j-8pjm-5mgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qus-7xen-hubb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144143?format=api", "vulnerability_id": "VCID-9fqv-dg3y-wbbf", "summary": "Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19585", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19761", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33194" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33194", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33194" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.6", "reference_id": "4.4.6", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.4.6" }, { "reference_url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888", "reference_id": "9d0cd0bda7c8a830a3373f8c0f06943e519ac888", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/" } ], "url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888" }, { "reference_url": "https://github.com/advisories/GHSA-3wxg-w96j-8hq9", "reference_id": "GHSA-3wxg-w96j-8hq9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3wxg-w96j-8hq9" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9", "reference_id": "GHSA-3wxg-w96j-8hq9", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381989?format=api", "purl": "pkg:composer/craftcms/cms@3.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/381988?format=api", "purl": "pkg:composer/craftcms/cms@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9krv-seyq-juez" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6" } ], "aliases": [ "CVE-2023-33194", "GHSA-3wxg-w96j-8hq9" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fqv-dg3y-wbbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144141?format=api", "vulnerability_id": "VCID-9yny-vu36-tyes", "summary": "Craft CMS through 4.4.9 is vulnerable to HTML Injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37962", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37785", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33495" }, { "reference_url": "https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33495", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33495" }, { "reference_url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection", "reference_id": "03-Testing_for_HTML_Injection", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/" } ], "url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection" }, { "reference_url": "https://github.com/advisories/GHSA-m3v5-gjj9-rg24", "reference_id": "GHSA-m3v5-gjj9-rg24", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3v5-gjj9-rg24" }, { "reference_url": "https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212", "reference_id": "html-injection-in-craft-cms-application-e2b28f746212", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/" } ], "url": "https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393709?format=api", "purl": "pkg:composer/craftcms/cms@4.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.10" } ], "aliases": [ "CVE-2023-33495", "GHSA-m3v5-gjj9-rg24" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9yny-vu36-tyes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150450?format=api", "vulnerability_id": "VCID-a9bc-cgqq-jkfh", "summary": "Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5439", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54516", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40035" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40035", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40035" }, { "reference_url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5", "reference_id": "0bd33861abdc60c93209cff03eeee54504d3d3b5", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/3.8.15", "reference_id": "3.8.15", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/3.8.15" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.15", "reference_id": "4.4.15", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.4.15" }, { "reference_url": "https://github.com/advisories/GHSA-44wr-rmwq-3phw", "reference_id": "GHSA-44wr-rmwq-3phw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44wr-rmwq-3phw" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw", "reference_id": "GHSA-44wr-rmwq-3phw", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380601?format=api", "purl": "pkg:composer/craftcms/cms@3.8.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/379644?format=api", "purl": "pkg:composer/craftcms/cms@4.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15" } ], "aliases": [ "CVE-2023-40035", "GHSA-44wr-rmwq-3phw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9bc-cgqq-jkfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/143897?format=api", "vulnerability_id": "VCID-ad7v-5hxr-s3a4", "summary": "Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.75298", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.75368", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33197" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33197", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33197" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.6", "reference_id": "4.4.6", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.4.6" }, { "reference_url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766", "reference_id": "8c2ad0bd313015b8ee42326af2848ee748f1d766", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/" } ], "url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766" }, { "reference_url": "https://github.com/advisories/GHSA-6qjx-787v-6pxr", "reference_id": "GHSA-6qjx-787v-6pxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6qjx-787v-6pxr" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr", "reference_id": "GHSA-6qjx-787v-6pxr", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381988?format=api", "purl": "pkg:composer/craftcms/cms@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9krv-seyq-juez" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6" } ], "aliases": [ "CVE-2023-33197", "GHSA-6qjx-787v-6pxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad7v-5hxr-s3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129971?format=api", "vulnerability_id": "VCID-aujg-14fc-1qeb", "summary": "CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.57073", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56954", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30177" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30177", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30177" }, { "reference_url": "https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e", "reference_id": "00fb253d5318e10204433e5d93934108e574005e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T17:24:49Z/" } ], "url": "https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e" }, { "reference_url": "https://github.com/advisories/GHSA-wv7j-rc2q-9j67", "reference_id": "GHSA-wv7j-rc2q-9j67", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wv7j-rc2q-9j67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379342?format=api", "purl": "pkg:composer/craftcms/cms@3.7.68", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.68" } ], "aliases": [ "CVE-2023-30177", "GHSA-wv7j-rc2q-9j67" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aujg-14fc-1qeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129860?format=api", "vulnerability_id": "VCID-cneu-aazx-byfq", "summary": "CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05499", "scoring_system": "epss", "scoring_elements": "0.90431", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05499", "scoring_system": "epss", "scoring_elements": "0.90462", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30179" }, { "reference_url": "https://github.com/github/advisory-database/pull/2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2443" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30179", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30179" }, { "reference_url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714", "reference_id": "2443#issuecomment-1610040714", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714" }, { "reference_url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200", "reference_id": "2443#issuecomment-1610634200", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14", "reference_id": "CHANGELOG.md#442---2023-03-14", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14" }, { "reference_url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection", "reference_id": "cve-2023-30179-server-side-template-injection", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection" }, { "reference_url": "https://github.com/advisories/GHSA-3x74-v64j-qc3f", "reference_id": "GHSA-3x74-v64j-qc3f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3x74-v64j-qc3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381899?format=api", "purl": "pkg:composer/craftcms/cms@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9krv-seyq-juez" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h3za-7cd7-vkav" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tf8p-xrne-8qfg" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.2" } ], "aliases": [ "CVE-2023-30179", "GHSA-3x74-v64j-qc3f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cneu-aazx-byfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114672?format=api", "vulnerability_id": "VCID-czuy-m8wp-fka2", "summary": "Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93094", "scoring_system": "epss", "scoring_elements": "0.99799", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32432" }, { "reference_url": "https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32432" }, { "reference_url": "https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432" }, { "reference_url": "https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical", "reference_id": "CHANGELOG.md#3915---2025-04-10-critical", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical" }, { "reference_url": "https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical", "reference_id": "CHANGELOG.md#41415---2025-04-10-critical", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical" }, { "reference_url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical", "reference_id": "CHANGELOG.md#5617---2025-04-10-critical", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52525.py", "reference_id": "CVE-2025-32432", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52525.py" }, { "reference_url": "https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47", "reference_id": "e1c85441fa47eeb7c688c2053f25419bc0547b47", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47" }, { "reference_url": "https://github.com/advisories/GHSA-f3gw-9ww9-jmc3", "reference_id": "GHSA-f3gw-9ww9-jmc3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f3gw-9ww9-jmc3" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3", "reference_id": "GHSA-f3gw-9ww9-jmc3", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376455?format=api", "purl": "pkg:composer/craftcms/cms@3.9.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/376456?format=api", "purl": "pkg:composer/craftcms/cms@4.14.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-f67g-n9d6-pkb5" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.14.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/376457?format=api", "purl": "pkg:composer/craftcms/cms@5.6.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-6bwp-2ksu-xucy" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-f67g-n9d6-pkb5" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h9fr-63qv-bffn" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qr5e-wjjt-zudz" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-sswc-d2f8-zyc9" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-tte6-fheg-g7hg" }, { "vulnerability": "VCID-up4q-hz23-vkcn" }, { "vulnerability": "VCID-uxc7-pe63-2khp" }, { "vulnerability": "VCID-vj1t-r17b-rufc" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.6.17" } ], "aliases": [ "CVE-2025-32432", "GHSA-f3gw-9ww9-jmc3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czuy-m8wp-fka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129769?format=api", "vulnerability_id": "VCID-e4ep-2ng5-1kbm", "summary": "An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07135", "scoring_system": "epss", "scoring_elements": "0.91742", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07135", "scoring_system": "epss", "scoring_elements": "0.91771", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30130" }, { "reference_url": "https://craftcms.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://craftcms.com" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30130", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30130" }, { "reference_url": "https://craftcms.com/", "reference_id": "craftcms.com", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/" } ], "url": "https://craftcms.com/" }, { "reference_url": "https://github.com/advisories/GHSA-fjx5-xm7q-whvj", "reference_id": "GHSA-fjx5-xm7q-whvj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjx5-xm7q-whvj" }, { "reference_url": "https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1", "reference_id": "server-site-template-injection-on-craftcms-3.8.1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/" } ], "url": "https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/627173?format=api", "purl": "pkg:composer/craftcms/cms@3.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.2" } ], "aliases": [ "CVE-2023-30130", "GHSA-fjx5-xm7q-whvj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ep-2ng5-1kbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105090?format=api", "vulnerability_id": "VCID-fs3m-av1v-fuf1", "summary": "Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39398", "scoring_system": "epss", "scoring_elements": "0.9739", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.39398", "scoring_system": "epss", "scoring_elements": "0.97398", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-35939" }, { "reference_url": "https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35939" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939" }, { "reference_url": "https://github.com/craftcms/cms/pull/17220", "reference_id": "17220", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" } ], "url": "https://github.com/craftcms/cms/pull/17220" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.15.3", "reference_id": "4.15.3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.15.3" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/5.7.5", "reference_id": "5.7.5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/5.7.5" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-35939", "reference_id": "CVERecord?id=CVE-2025-35939", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-35939" }, { "reference_url": "https://github.com/advisories/GHSA-7vrx-9684-xrf2", "reference_id": "GHSA-7vrx-9684-xrf2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7vrx-9684-xrf2" }, { "reference_url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json", "reference_id": "va-25-147-01.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" } ], "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40673?format=api", "purl": "pkg:composer/craftcms/cms@4.15.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9yzy-78sh-xydu" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-f67g-n9d6-pkb5" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.15.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/40676?format=api", "purl": "pkg:composer/craftcms/cms@5.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-6bwp-2ksu-xucy" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9yzy-78sh-xydu" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-f67g-n9d6-pkb5" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h9fr-63qv-bffn" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qr5e-wjjt-zudz" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-sswc-d2f8-zyc9" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-tte6-fheg-g7hg" }, { "vulnerability": "VCID-up4q-hz23-vkcn" }, { "vulnerability": "VCID-uxc7-pe63-2khp" }, { "vulnerability": "VCID-vj1t-r17b-rufc" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5" } ], "aliases": [ "CVE-2025-35939", "GHSA-7vrx-9684-xrf2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fs3m-av1v-fuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/337919?format=api", "vulnerability_id": "VCID-g7s1-n3qt-b3au", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03824", "scoring_system": "epss", "scoring_elements": "0.88398", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03824", "scoring_system": "epss", "scoring_elements": "0.88437", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27903" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security" }, { "reference_url": "https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27903", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27903" }, { "reference_url": "https://github.com/advisories/GHSA-x2j7-6hxm-87p3", "reference_id": "GHSA-x2j7-6hxm-87p3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2j7-6hxm-87p3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383150?format=api", "purl": "pkg:composer/craftcms/cms@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-118v-keeb-f7a6" }, { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9wmc-pstb-ykfq" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-sdtn-nzaq-e3cb" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x6d2-n97u-8ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.7" } ], "aliases": [ "CVE-2021-27903", "GHSA-x2j7-6hxm-87p3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7s1-n3qt-b3au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151232?format=api", "vulnerability_id": "VCID-hh13-6e1x-p7ez", "summary": "A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56903", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.57024", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2817" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2817", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2817" }, { "reference_url": "https://www.tenable.com/security/research/tra-2023-20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/research/tra-2023-20" }, { "reference_url": "https://www.tenable.com/security/research/tra-2023-20,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/research/tra-2023-20," }, { "reference_url": "https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb", "reference_id": "7655e1009ba6cdbfb230e6bb138b775b69fc7bcb", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/" } ], "url": "https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb" }, { "reference_url": "https://github.com/advisories/GHSA-7x94-jx75-3gh6", "reference_id": "GHSA-7x94-jx75-3gh6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x94-jx75-3gh6" }, { "reference_url": "https://www.tenable.com/security/research/tra-2023-20%2C", "reference_id": "tra-2023-20%2C", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/" } ], "url": "https://www.tenable.com/security/research/tra-2023-20%2C" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381957?format=api", "purl": "pkg:composer/craftcms/cms@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.12" } ], "aliases": [ "CVE-2023-2817", "GHSA-7x94-jx75-3gh6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hh13-6e1x-p7ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167994?format=api", "vulnerability_id": "VCID-jwj3-be5u-cfa6", "summary": "All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81342", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81403", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37783" }, { "reference_url": "https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes" }, { "reference_url": "https://cves.at/posts/cve-2022-37783/writeup", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cves.at/posts/cve-2022-37783/writeup" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/06/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37783", "reference_id": "CVE-2022-37783", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37783" }, { "reference_url": "https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes/", "reference_id": "cve-disclosure-of-password-hashes", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:05Z/" } ], "url": "https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes/" }, { "reference_url": "https://github.com/advisories/GHSA-h972-v458-m892", "reference_id": "GHSA-h972-v458-m892", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h972-v458-m892" }, { "reference_url": "https://cves.at/posts/cve-2022-37783/writeup/", "reference_id": "writeup", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:05Z/" } ], "url": "https://cves.at/posts/cve-2022-37783/writeup/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28138?format=api", "purl": "pkg:composer/craftcms/cms@3.7.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.33" } ], "aliases": [ "CVE-2022-37783", "GHSA-h972-v458-m892" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwj3-be5u-cfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45395?format=api", "vulnerability_id": "VCID-k8na-x3nm-hkav", "summary": "Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89433", "scoring_system": "epss", "scoring_elements": "0.99568", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37843" }, { "reference_url": "https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql", "reference_id": "craft-cms-unauthenticated-sqli-via-graphql", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-12T22:53:54Z/" } ], "url": "https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37843", "reference_id": "CVE-2024-37843", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37843" }, { "reference_url": "https://github.com/advisories/GHSA-hq4f-mv3q-8wcv", "reference_id": "GHSA-hq4f-mv3q-8wcv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq4f-mv3q-8wcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28137?format=api", "purl": "pkg:composer/craftcms/cms@3.7.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.32" } ], "aliases": [ "CVE-2024-37843", "GHSA-hq4f-mv3q-8wcv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8na-x3nm-hkav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136517?format=api", "vulnerability_id": "VCID-mhqg-hey8-6bee", "summary": "An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has \"nothing to do with security.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.59112", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.59001", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36260" }, { "reference_url": "https://github.com/craftcms/feed-me", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/feed-me" }, { "reference_url": "https://github.com/craftcms/feed-me/releases/tag/4.6.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/feed-me/releases/tag/4.6.2" }, { "reference_url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28", "reference_id": "b5d6ede51848349bd91bc95fec288b6793f15e28", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/" } ], "url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28" }, { "reference_url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29", "reference_id": "b5d6ede51848349bd91bc95fec288b6793f15e28%29", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/" } ], "url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36260", "reference_id": "CVE-2023-36260", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36260" }, { "reference_url": "https://github.com/advisories/GHSA-6p78-f7h9-6838", "reference_id": "GHSA-6p78-f7h9-6838", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6p78-f7h9-6838" }, { "reference_url": "https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D", "reference_id": "?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/" } ], "url": "https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28616?format=api", "purl": "pkg:composer/craftcms/cms@4.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/394995?format=api", "purl": "pkg:composer/craftcms/cms@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.7.0" } ], "aliases": [ "CVE-2023-36260", "GHSA-6p78-f7h9-6838" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqg-hey8-6bee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/337918?format=api", "vulnerability_id": "VCID-nfvy-nma3-6qbp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62334", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62435", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27902" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1" }, { "reference_url": "https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27902", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27902" }, { "reference_url": "https://github.com/advisories/GHSA-3jxh-789f-p7m6", "reference_id": "GHSA-3jxh-789f-p7m6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3jxh-789f-p7m6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383183?format=api", "purl": "pkg:composer/craftcms/cms@3.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-118v-keeb-f7a6" }, { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9wmc-pstb-ykfq" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g7s1-n3qt-b3au" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-sdtn-nzaq-e3cb" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x6d2-n97u-8ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.0" } ], "aliases": [ "CVE-2021-27902", "GHSA-3jxh-789f-p7m6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfvy-nma3-6qbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313127?format=api", "vulnerability_id": "VCID-pdt2-ckb1-z3a8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56291", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56172", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17496" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09" }, { "reference_url": "https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17496", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17496" }, { "reference_url": "https://github.com/advisories/GHSA-f3xr-q258-h7m9", "reference_id": "GHSA-f3xr-q258-h7m9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3xr-q258-h7m9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385585?format=api", "purl": "pkg:composer/craftcms/cms@3.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-118v-keeb-f7a6" }, { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g7s1-n3qt-b3au" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nfvy-nma3-6qbp" }, { "vulnerability": "VCID-sdtn-nzaq-e3cb" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x6d2-n97u-8ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.8" } ], "aliases": [ "CVE-2019-17496", "GHSA-f3xr-q258-h7m9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdt2-ckb1-z3a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208693?format=api", "vulnerability_id": "VCID-sdtn-nzaq-e3cb", "summary": "XSS Injection Vulnerability", "references": [ { "reference_url": "https://github.com/advisories/GHSA-wf98-vxv9-jqfv", "reference_id": "GHSA-wf98-vxv9-jqfv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf98-vxv9-jqfv" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv", "reference_id": "GHSA-wf98-vxv9-jqfv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20005?format=api", "purl": "pkg:composer/craftcms/cms@3.7.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29" } ], "aliases": [ "GHSA-wf98-vxv9-jqfv", "GMS-2022-790" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdtn-nzaq-e3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/130319?format=api", "vulnerability_id": "VCID-t37k-f7k1-gyhz", "summary": "Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02749", "scoring_system": "epss", "scoring_elements": "0.8632", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02749", "scoring_system": "epss", "scoring_elements": "0.86371", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23927" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23927" }, { "reference_url": "https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4", "reference_id": "215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/" } ], "url": "https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03", "reference_id": "CHANGELOG.md#437---2023-02-03", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03" }, { "reference_url": "https://github.com/advisories/GHSA-qcrj-6ffc-v7hq", "reference_id": "GHSA-qcrj-6ffc-v7hq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcrj-6ffc-v7hq" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq", "reference_id": "GHSA-qcrj-6ffc-v7hq", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380973?format=api", "purl": "pkg:composer/craftcms/cms@3.7.64", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.64" }, { "url": "http://public2.vulnerablecode.io/api/packages/380972?format=api", "purl": "pkg:composer/craftcms/cms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9krv-seyq-juez" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h3za-7cd7-vkav" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tf8p-xrne-8qfg" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.3.7" } ], "aliases": [ "CVE-2023-23927", "GHSA-qcrj-6ffc-v7hq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t37k-f7k1-gyhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137261?format=api", "vulnerability_id": "VCID-vvej-1fex-kqdn", "summary": "Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71872", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71787", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31144" }, { "reference_url": "https://github.com/craftcms/cms/commit/e2f7e7b7d86a0afa54ce855375d13c7760670764", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/e2f7e7b7d86a0afa54ce855375d13c7760670764" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31144", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31144" }, { "reference_url": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442", "reference_id": "52bd161614620edbab2d24d078ca9ebca2528442", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T16:40:35Z/" } ], "url": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442" }, { "reference_url": "https://github.com/advisories/GHSA-j4mx-98hw-6rv6", "reference_id": "GHSA-j4mx-98hw-6rv6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4mx-98hw-6rv6" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6", "reference_id": "GHSA-j4mx-98hw-6rv6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T16:40:35Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382052?format=api", "purl": "pkg:composer/craftcms/cms@3.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/382053?format=api", "purl": "pkg:composer/craftcms/cms@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9krv-seyq-juez" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gjvb-ht1w-s3hm" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h3za-7cd7-vkav" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tf8p-xrne-8qfg" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.4" } ], "aliases": [ "CVE-2023-31144", "GHSA-j4mx-98hw-6rv6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vvej-1fex-kqdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49227?format=api", "vulnerability_id": "VCID-wcsx-j8xk-r7c7", "summary": "Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2763", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27832", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21622" }, { "reference_url": "https://github.com/craftcms/cms/pull/13931", "reference_id": "13931", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/pull/13931" }, { "reference_url": "https://github.com/craftcms/cms/pull/13932", "reference_id": "13932", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/pull/13932" }, { "reference_url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa", "reference_id": "76caf9af07d9964be0fd362772223be6a5f5b6aa", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa" }, { "reference_url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843", "reference_id": "be81eb653d633833f2ab22510794abb6bb9c0843", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843" }, { "reference_url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16", "reference_id": "CHANGELOG.md#396---2023-11-16", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16", "reference_id": "CHANGELOG.md#4511---2023-11-16", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21622", "reference_id": "CVE-2024-21622", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21622" }, { "reference_url": "https://github.com/advisories/GHSA-j5g9-j7r4-6qvx", "reference_id": "GHSA-j5g9-j7r4-6qvx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5g9-j7r4-6qvx" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx", "reference_id": "GHSA-j5g9-j7r4-6qvx", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28263?format=api", "purl": "pkg:composer/craftcms/cms@3.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/28261?format=api", "purl": "pkg:composer/craftcms/cms@4.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-eypa-1c6q-tfau" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-pfwt-hxpb-4ub8" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x12b-mjr9-sba2" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11" } ], "aliases": [ "CVE-2024-21622", "GHSA-j5g9-j7r4-6qvx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wcsx-j8xk-r7c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42210?format=api", "vulnerability_id": "VCID-x12b-mjr9-sba2", "summary": "Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93926", "scoring_system": "epss", "scoring_elements": "0.99888", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56145" }, { "reference_url": "https://github.com/Chocapikk/CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Chocapikk/CVE-2024-56145" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56145" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145" }, { "reference_url": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3", "reference_id": "82e893fb794d30563da296bca31379c0df0079b3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/" } ], "url": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3" }, { "reference_url": "https://github.com/advisories/GHSA-2p6p-9rc9-62j9", "reference_id": "GHSA-2p6p-9rc9-62j9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2p6p-9rc9-62j9" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9", "reference_id": "GHSA-2p6p-9rc9-62j9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372512?format=api", "purl": "pkg:composer/craftcms/cms@3.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/372511?format=api", "purl": "pkg:composer/craftcms/cms@4.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-br1f-q8nk-v7b3" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.13.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/372510?format=api", "purl": "pkg:composer/craftcms/cms@5.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yx-3kck-s7dp" }, { "vulnerability": "VCID-16h7-f3pe-8qh8" }, { "vulnerability": "VCID-1c7e-bv58-33ax" }, { "vulnerability": "VCID-25ym-rhky-wbaq" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-5qkr-aqmx-8qau" }, { "vulnerability": "VCID-5r6n-351z-2ybh" }, { "vulnerability": "VCID-726q-jfsa-9qdz" }, { "vulnerability": "VCID-76k8-sveq-3qbf" }, { "vulnerability": "VCID-7mph-yq7h-5yb8" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-8rkv-wfha-n7hb" }, { "vulnerability": "VCID-b25s-j3du-sfg5" }, { "vulnerability": "VCID-bn85-sts4-5ygq" }, { "vulnerability": "VCID-bsh8-7q16-t7e4" }, { "vulnerability": "VCID-c38g-6ttm-yuep" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e3k3-fp6t-kycw" }, { "vulnerability": "VCID-e9qn-ar3q-g3e4" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-g637-7ns6-kyhj" }, { "vulnerability": "VCID-gp2d-vv3n-euda" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-h9fr-63qv-bffn" }, { "vulnerability": "VCID-j1d4-j44f-yqh9" }, { "vulnerability": "VCID-j6wk-k1jb-jfd5" }, { "vulnerability": "VCID-j8qq-yre6-4bfx" }, { "vulnerability": "VCID-kb3b-8hqt-nqfj" }, { "vulnerability": "VCID-nep2-e16y-9yg4" }, { "vulnerability": "VCID-nhab-uyen-ayhq" }, { "vulnerability": "VCID-p8kk-e27s-n7cs" }, { "vulnerability": "VCID-py3b-5ps7-7fe3" }, { "vulnerability": "VCID-qmcc-3ued-m7gk" }, { "vulnerability": "VCID-qr5e-wjjt-zudz" }, { "vulnerability": "VCID-qrmg-jky7-87cb" }, { "vulnerability": "VCID-r47n-36pn-cbe4" }, { "vulnerability": "VCID-rezz-ka5s-hyg2" }, { "vulnerability": "VCID-smdx-nfbs-2qbx" }, { "vulnerability": "VCID-tfc8-rkdd-53f7" }, { "vulnerability": "VCID-tte6-fheg-g7hg" }, { "vulnerability": "VCID-uxc7-pe63-2khp" }, { "vulnerability": "VCID-vj1t-r17b-rufc" }, { "vulnerability": "VCID-vrpf-parp-7kgr" }, { "vulnerability": "VCID-wnr9-2wyr-wug4" }, { "vulnerability": "VCID-x1w2-ytck-17bn" }, { "vulnerability": "VCID-y2ya-ys74-vqbv" }, { "vulnerability": "VCID-yc89-41eq-b3eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.5.2" } ], "aliases": [ "CVE-2024-56145", "GHSA-2p6p-9rc9-62j9" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x12b-mjr9-sba2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208683?format=api", "vulnerability_id": "VCID-x6d2-n97u-8ke1", "summary": "Cross-site Scripting in craftcms/cms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56291", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56172", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28378" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18" }, { "reference_url": "https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28378", "reference_id": "CVE-2022-28378", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28378" }, { "reference_url": "https://github.com/advisories/GHSA-7xj5-fwqr-5378", "reference_id": "GHSA-7xj5-fwqr-5378", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xj5-fwqr-5378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20005?format=api", "purl": "pkg:composer/craftcms/cms@3.7.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3asf-kngu-ybf6" }, { "vulnerability": "VCID-543c-646v-4yfj" }, { "vulnerability": "VCID-8kdh-rvh3-4yfv" }, { "vulnerability": "VCID-8m8v-ymqs-fkh9" }, { "vulnerability": "VCID-9fqv-dg3y-wbbf" }, { "vulnerability": "VCID-9yny-vu36-tyes" }, { "vulnerability": "VCID-a9bc-cgqq-jkfh" }, { "vulnerability": "VCID-ad7v-5hxr-s3a4" }, { "vulnerability": "VCID-aujg-14fc-1qeb" }, { "vulnerability": "VCID-cneu-aazx-byfq" }, { "vulnerability": "VCID-czuy-m8wp-fka2" }, { "vulnerability": "VCID-e4ep-2ng5-1kbm" }, { "vulnerability": "VCID-fs3m-av1v-fuf1" }, { "vulnerability": "VCID-grmm-88sf-wyd4" }, { "vulnerability": "VCID-hh13-6e1x-p7ez" }, { "vulnerability": "VCID-htqk-ckr5-jbcu" }, { "vulnerability": "VCID-jwj3-be5u-cfa6" }, { "vulnerability": "VCID-k8na-x3nm-hkav" }, { "vulnerability": "VCID-mhqg-hey8-6bee" }, { "vulnerability": "VCID-t37k-f7k1-gyhz" }, { "vulnerability": "VCID-vvej-1fex-kqdn" }, { "vulnerability": "VCID-wcsx-j8xk-r7c7" }, { "vulnerability": "VCID-x12b-mjr9-sba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29" } ], "aliases": [ "CVE-2022-28378", "GHSA-7xj5-fwqr-5378" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6d2-n97u-8ke1" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.2.0" }