Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/64071?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/craftcms/cms@3.8.6", "type": "composer", "namespace": "craftcms", "name": "cms", "version": "3.8.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.17.9", "latest_non_vulnerable_version": "5.9.18", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17699?format=api", "vulnerability_id": "VCID-27rw-tqt8-b3cw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56911", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2817" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/" } ], "url": "https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb" }, { "reference_url": "https://www.tenable.com/security/research/tra-2023-20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/research/tra-2023-20" }, { "reference_url": "https://www.tenable.com/security/research/tra-2023-20,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/research/tra-2023-20," }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2817", "reference_id": "CVE-2023-2817", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2817" }, { "reference_url": "https://github.com/advisories/GHSA-7x94-jx75-3gh6", "reference_id": "GHSA-7x94-jx75-3gh6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x94-jx75-3gh6" }, { "reference_url": "https://www.tenable.com/security/research/tra-2023-20%2C", "reference_id": "tra-2023-20%2C", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/" } ], "url": "https://www.tenable.com/security/research/tra-2023-20%2C" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64068?format=api", "purl": "pkg:composer/craftcms/cms@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-5h73-3z9j-xqb8" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-p9a4-4g1n-7qf4" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-z48z-h23a-5qag" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.12" } ], "aliases": [ "CVE-2023-2817", "GHSA-7x94-jx75-3gh6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27rw-tqt8-b3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18313?format=api", "vulnerability_id": "VCID-5h73-3z9j-xqb8", "summary": "Craft CMS vulnerable to Remote Code Execution via validatePath bypass\nBypassing the validatePath function can lead to potential Remote Code Execution\n(Post-authentication, ALLOW_ADMIN_CHANGES=true)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54241", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40035" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/3.8.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/3.8.15" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.4.15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40035", "reference_id": "CVE-2023-40035", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40035" }, { "reference_url": "https://github.com/advisories/GHSA-44wr-rmwq-3phw", "reference_id": "GHSA-44wr-rmwq-3phw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44wr-rmwq-3phw" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw", "reference_id": "GHSA-44wr-rmwq-3phw", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65437?format=api", "purl": "pkg:composer/craftcms/cms@3.8.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-z48z-h23a-5qag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/65436?format=api", "purl": "pkg:composer/craftcms/cms@4.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-z48z-h23a-5qag" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15" } ], "aliases": [ "CVE-2023-40035", "GHSA-44wr-rmwq-3phw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h73-3z9j-xqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17700?format=api", "vulnerability_id": "VCID-82fq-7xbq-pkd4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69458", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33197" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/" } ], "url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.4.6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33197", "reference_id": "CVE-2023-33197", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33197" }, { "reference_url": "https://github.com/advisories/GHSA-6qjx-787v-6pxr", "reference_id": "GHSA-6qjx-787v-6pxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6qjx-787v-6pxr" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr", "reference_id": "GHSA-6qjx-787v-6pxr", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63980?format=api", "purl": "pkg:composer/craftcms/cms@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27rw-tqt8-b3cw" }, { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-5h73-3z9j-xqb8" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-gqy1-6u5a-hkeu" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-p9a4-4g1n-7qf4" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-upnk-thub-2fg1" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-z48z-h23a-5qag" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6" } ], "aliases": [ "CVE-2023-33197", "GHSA-6qjx-787v-6pxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82fq-7xbq-pkd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17781?format=api", "vulnerability_id": "VCID-e4ax-kekp-xud6", "summary": "Improper Control of Generation of Code ('Code Injection')\nCraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05499", "scoring_system": "epss", "scoring_elements": "0.90367", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30179" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14" }, { "reference_url": "https://github.com/github/advisory-database/pull/2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2443" }, { "reference_url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714" }, { "reference_url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30179", "reference_id": "CVE-2023-30179", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30179" }, { "reference_url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection", "reference_id": "CVE-2023-30179-SERVER-SIDE-TEMPLATE-INJECTION", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/" } ], "url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection" }, { "reference_url": "https://github.com/advisories/GHSA-3x74-v64j-qc3f", "reference_id": "GHSA-3x74-v64j-qc3f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3x74-v64j-qc3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64201?format=api", "purl": "pkg:composer/craftcms/cms@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27rw-tqt8-b3cw" }, { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-31fs-rk4b-8keq" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-5h73-3z9j-xqb8" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-82fq-7xbq-pkd4" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-gbct-7xjg-quf4" }, { "vulnerability": "VCID-gqy1-6u5a-hkeu" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-kts7-xtbb-tqgy" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-p9a4-4g1n-7qf4" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-pv34-2wu7-j3he" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-upnk-thub-2fg1" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-z48z-h23a-5qag" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.2" } ], "aliases": [ "CVE-2023-30179", "GHSA-3x74-v64j-qc3f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ax-kekp-xud6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22740?format=api", "vulnerability_id": "VCID-efkn-13cf-97c3", "summary": "Craft CMS: Cloud Metadata SSRF Protection Bypass via IPv6 Resolution\nThe SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the hostname string itself, causing the blocklist comparison to always fail and completely bypassing SSRF protection.\n\nThis is a bypass of the security fix for CVE-2025-68437 ([GHSA-x27p-wfqw-hfcc](https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc))", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01554", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27129" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/2825388b4f32fb1c9bd709027a1a1fd192d709a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:16:52Z/" } ], "url": "https://github.com/craftcms/cms/commit/2825388b4f32fb1c9bd709027a1a1fd192d709a3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27129", "reference_id": "CVE-2026-27129", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27129" }, { "reference_url": "https://github.com/advisories/GHSA-v2gc-rm6g-wrw9", "reference_id": "GHSA-v2gc-rm6g-wrw9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v2gc-rm6g-wrw9" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-v2gc-rm6g-wrw9", "reference_id": "GHSA-v2gc-rm6g-wrw9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:16:52Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-v2gc-rm6g-wrw9" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc", "reference_id": "GHSA-x27p-wfqw-hfcc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:16:52Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72976?format=api", "purl": "pkg:composer/craftcms/cms@4.16.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/72975?format=api", "purl": "pkg:composer/craftcms/cms@5.8.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-785m-94zq-mqe8" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-gxan-r3pw-7uhw" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-t4zv-mpqc-9fbx" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23" } ], "aliases": [ "CVE-2026-27129", "GHSA-v2gc-rm6g-wrw9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efkn-13cf-97c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17864?format=api", "vulnerability_id": "VCID-gqy1-6u5a-hkeu", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft CMS through 4.4.9 is vulnerable to HTML Injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37727", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33495" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212" }, { "reference_url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/" } ], "url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33495", "reference_id": "CVE-2023-33495", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33495" }, { "reference_url": "https://github.com/advisories/GHSA-m3v5-gjj9-rg24", "reference_id": "GHSA-m3v5-gjj9-rg24", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3v5-gjj9-rg24" }, { "reference_url": "https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212", "reference_id": "html-injection-in-craft-cms-application-e2b28f746212", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/" } ], "url": "https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64437?format=api", "purl": "pkg:composer/craftcms/cms@4.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27rw-tqt8-b3cw" }, { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-5h73-3z9j-xqb8" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-p9a4-4g1n-7qf4" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-z48z-h23a-5qag" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.10" } ], "aliases": [ "CVE-2023-33495", "GHSA-m3v5-gjj9-rg24" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqy1-6u5a-hkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19329?format=api", "vulnerability_id": "VCID-ksxr-4r5f-w7ck", "summary": "Craft CMS Feed-Me\nAn issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58863", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36260" }, { "reference_url": "https://github.com/craftcms/feed-me", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/feed-me" }, { "reference_url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/" } ], "url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28" }, { "reference_url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/" } ], "url": "https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29" }, { "reference_url": "https://github.com/craftcms/feed-me/releases/tag/4.6.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/feed-me/releases/tag/4.6.2" }, { "reference_url": "https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/" } ], "url": "https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36260", "reference_id": "CVE-2023-36260", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36260" }, { "reference_url": "https://github.com/advisories/GHSA-6p78-f7h9-6838", "reference_id": "GHSA-6p78-f7h9-6838", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6p78-f7h9-6838" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80299?format=api", "purl": "pkg:composer/craftcms/cms@4.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/67450?format=api", "purl": "pkg:composer/craftcms/cms@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.7.0" } ], "aliases": [ "CVE-2023-36260", "GHSA-6p78-f7h9-6838" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksxr-4r5f-w7ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/295255?format=api", "vulnerability_id": "VCID-nyqy-y3dw-eyer", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33065", "scoring_system": "epss", "scoring_elements": "0.9698", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-35939" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2" }, { "reference_url": "https://github.com/craftcms/cms/pull/17220", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" } ], "url": "https://github.com/craftcms/cms/pull/17220" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.15.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.15.3" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/5.7.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/5.7.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35939" }, { "reference_url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" } ], "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-35939" }, { "reference_url": "https://github.com/advisories/GHSA-7vrx-9684-xrf2", "reference_id": "GHSA-7vrx-9684-xrf2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7vrx-9684-xrf2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73575?format=api", "purl": "pkg:composer/craftcms/cms@4.15.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zbrb-dmub-67as" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.15.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/73576?format=api", "purl": "pkg:composer/craftcms/cms@5.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-76vz-cxx8-z7fc" }, { "vulnerability": "VCID-785m-94zq-mqe8" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-gxan-r3pw-7uhw" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t4zv-mpqc-9fbx" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w35e-5gaq-y3aw" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zbrb-dmub-67as" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5" } ], "aliases": [ "CVE-2025-35939", "GHSA-7vrx-9684-xrf2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyqy-y3dw-eyer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21996?format=api", "vulnerability_id": "VCID-pggs-g9c8-w7d1", "summary": "Unauthenticated Craft CMS users can trigger a database backup\nUnauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure.Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.Resources:\n\nhttps://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39\n\nhttps://github.com/craftcms/cms/blob/5.x/CHANGELOG.md", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68456" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/" } ], "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04" }, { "reference_url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/" } ], "url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68456", "reference_id": "CVE-2025-68456", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68456" }, { "reference_url": "https://github.com/advisories/GHSA-v64r-7wg9-23pr", "reference_id": "GHSA-v64r-7wg9-23pr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v64r-7wg9-23pr" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr", "reference_id": "GHSA-v64r-7wg9-23pr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71964?format=api", "purl": "pkg:composer/craftcms/cms@4.16.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/71963?format=api", "purl": "pkg:composer/craftcms/cms@5.8.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-76vz-cxx8-z7fc" }, { "vulnerability": "VCID-785m-94zq-mqe8" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-gxan-r3pw-7uhw" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t4zv-mpqc-9fbx" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w35e-5gaq-y3aw" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21" } ], "aliases": [ "CVE-2025-68456", "GHSA-v64r-7wg9-23pr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pggs-g9c8-w7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/269697?format=api", "vulnerability_id": "VCID-pjsn-x6mp-57c9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62721", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52292" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:52:42Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52292", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52292" }, { "reference_url": "https://github.com/advisories/GHSA-cw6g-qmjq-6w2w", "reference_id": "GHSA-cw6g-qmjq-6w2w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cw6g-qmjq-6w2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187820?format=api", "purl": "pkg:composer/craftcms/cms@4.12.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.12.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/187819?format=api", "purl": "pkg:composer/craftcms/cms@5.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-76vz-cxx8-z7fc" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w35e-5gaq-y3aw" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.4.9" } ], "aliases": [ "CVE-2024-52292", "GHSA-cw6g-qmjq-6w2w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjsn-x6mp-57c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22705?format=api", "vulnerability_id": "VCID-s9mh-xu8b-fqgf", "summary": "Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding\nThe SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution **separately** from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to the actual request.\n\nThis is a bypass of the security fix for CVE-2025-68437 ([GHSA-x27p-wfqw-hfcc](https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc)) that allows access to all blocked IPs, not just IPv6 endpoints.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27127", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00722", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27127" }, { "reference_url": "https://curl.se/libcurl/c/CURLOPT_RESOLVE.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://curl.se/libcurl/c/CURLOPT_RESOLVE.html" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/a4cf3fb63bba3249cf1e2882b18a2d29e77a8575", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:12:07Z/" } ], "url": "https://github.com/craftcms/cms/commit/a4cf3fb63bba3249cf1e2882b18a2d29e77a8575" }, { "reference_url": "https://github.com/mogwailabs/DNSrebinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mogwailabs/DNSrebinder" }, { "reference_url": "https://github.com/nccgroup/singularity", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nccgroup/singularity" }, { "reference_url": "https://github.com/taviso/rbndr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/taviso/rbndr" }, { "reference_url": "https://unit42.paloaltonetworks.com/dns-rebinding", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://unit42.paloaltonetworks.com/dns-rebinding" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27127", "reference_id": "CVE-2026-27127", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27127" }, { "reference_url": "https://github.com/advisories/GHSA-gp2f-7wcm-5fhx", "reference_id": "GHSA-gp2f-7wcm-5fhx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gp2f-7wcm-5fhx" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-gp2f-7wcm-5fhx", "reference_id": "GHSA-gp2f-7wcm-5fhx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:12:07Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-gp2f-7wcm-5fhx" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc", "reference_id": "GHSA-x27p-wfqw-hfcc", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:12:07Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72976?format=api", "purl": "pkg:composer/craftcms/cms@4.16.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/72975?format=api", "purl": "pkg:composer/craftcms/cms@5.8.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-785m-94zq-mqe8" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-gxan-r3pw-7uhw" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-t4zv-mpqc-9fbx" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23" } ], "aliases": [ "CVE-2026-27127", "GHSA-gp2f-7wcm-5fhx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9mh-xu8b-fqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21971?format=api", "vulnerability_id": "VCID-t5h6-xvev-f3g7", "summary": "Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation\nThe Craft CMS GraphQL `save_<VolumeName>_Asset` mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the `_file` input, specifically its `url` parameter, allows the server to fetch content from arbitrary remote locations without proper validation. Attackers can exploit this by providing internal IP addresses or cloud metadata endpoints as the `url`, forcing the server to make requests to these restricted services. The fetched content is then saved as an asset, which can subsequently be accessed and exfiltrated, leading to potential data exposure and infrastructure compromise. This exploitation requires specific GraphQL permissions for asset management within the targeted volume.\n\nUsers should update to the patched 5.8.21 and 4.16.17 releases to mitigate the issue.References:\n\nhttps://github.com/craftcms/cms/commit/013db636fdb38f3ce5657fd196b6d952f98ebc52\n\nhttps://github.com/craftcms/cms/blob/5.x/CHANGELOG.md", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0579", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68437" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:27:06Z/" } ], "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04" }, { "reference_url": "https://github.com/craftcms/cms/commit/013db636fdb38f3ce5657fd196b6d952f98ebc52", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:27:06Z/" } ], "url": "https://github.com/craftcms/cms/commit/013db636fdb38f3ce5657fd196b6d952f98ebc52" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68437", "reference_id": "CVE-2025-68437", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68437" }, { "reference_url": "https://github.com/advisories/GHSA-x27p-wfqw-hfcc", "reference_id": "GHSA-x27p-wfqw-hfcc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x27p-wfqw-hfcc" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc", "reference_id": "GHSA-x27p-wfqw-hfcc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:27:06Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71964?format=api", "purl": "pkg:composer/craftcms/cms@4.16.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/71963?format=api", "purl": "pkg:composer/craftcms/cms@5.8.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-64xk-a8pc-bkey" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-76vz-cxx8-z7fc" }, { "vulnerability": "VCID-785m-94zq-mqe8" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-gxan-r3pw-7uhw" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t4zv-mpqc-9fbx" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w35e-5gaq-y3aw" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21" } ], "aliases": [ "CVE-2025-68437", "GHSA-x27p-wfqw-hfcc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5h6-xvev-f3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/294186?format=api", "vulnerability_id": "VCID-w9cn-xgye-jber", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92897", "scoring_system": "epss", "scoring_elements": "0.99778", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32432" }, { "reference_url": "https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical" }, { "reference_url": "https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical" }, { "reference_url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical" }, { "reference_url": "https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32432" }, { "reference_url": "https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52525.py", "reference_id": "CVE-2025-32432", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52525.py" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g", "reference_id": "GHSA-4w8r-3xrw-v25g", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g" }, { "reference_url": "https://github.com/advisories/GHSA-f3gw-9ww9-jmc3", "reference_id": "GHSA-f3gw-9ww9-jmc3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f3gw-9ww9-jmc3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193370?format=api", "purl": "pkg:composer/craftcms/cms@3.9.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/193371?format=api", "purl": "pkg:composer/craftcms/cms@4.14.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zbrb-dmub-67as" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.14.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/193372?format=api", "purl": "pkg:composer/craftcms/cms@5.6.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-76vz-cxx8-z7fc" }, { "vulnerability": "VCID-785m-94zq-mqe8" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-gxan-r3pw-7uhw" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t4zv-mpqc-9fbx" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w35e-5gaq-y3aw" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zbrb-dmub-67as" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.6.17" } ], "aliases": [ "CVE-2025-32432", "GHSA-f3gw-9ww9-jmc3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9cn-xgye-jber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271840?format=api", "vulnerability_id": "VCID-wx6u-ss6p-3ue3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93926", "scoring_system": "epss", "scoring_elements": "0.99886", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56145" }, { "reference_url": "https://github.com/Chocapikk/CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Chocapikk/CVE-2024-56145" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/" } ], "url": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56145" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145" }, { "reference_url": "https://github.com/advisories/GHSA-2p6p-9rc9-62j9", "reference_id": "GHSA-2p6p-9rc9-62j9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2p6p-9rc9-62j9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187516?format=api", "purl": "pkg:composer/craftcms/cms@3.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-w9cn-xgye-jber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/187515?format=api", "purl": "pkg:composer/craftcms/cms@4.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.13.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/187514?format=api", "purl": "pkg:composer/craftcms/cms@5.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-76vz-cxx8-z7fc" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-kf34-utdc-cbay" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rhm7-ju23-yuby" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w35e-5gaq-y3aw" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.5.2" } ], "aliases": [ "CVE-2024-56145", "GHSA-2p6p-9rc9-62j9" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wx6u-ss6p-3ue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19193?format=api", "vulnerability_id": "VCID-z48z-h23a-5qag", "summary": "Improper Privilege Management\nCraft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21622" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16" }, { "reference_url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16" }, { "reference_url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa" }, { "reference_url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843" }, { "reference_url": "https://github.com/craftcms/cms/pull/13931", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/pull/13931" }, { "reference_url": "https://github.com/craftcms/cms/pull/13932", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/pull/13932" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21622", "reference_id": "CVE-2024-21622", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21622" }, { "reference_url": "https://github.com/advisories/GHSA-j5g9-j7r4-6qvx", "reference_id": "GHSA-j5g9-j7r4-6qvx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5g9-j7r4-6qvx" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx", "reference_id": "GHSA-j5g9-j7r4-6qvx", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67213?format=api", "purl": "pkg:composer/craftcms/cms@3.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67214?format=api", "purl": "pkg:composer/craftcms/cms@4.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-g17s-3ghd-5fhm" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-ntx4-ssgk-jqgh" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-ukq9-ggdc-byf5" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11" } ], "aliases": [ "CVE-2024-21622", "GHSA-j5g9-j7r4-6qvx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z48z-h23a-5qag" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17702?format=api", "vulnerability_id": "VCID-kts7-xtbb-tqgy", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19536", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33194" }, { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/" } ], "url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/" } ], "url": "https://github.com/craftcms/cms/releases/tag/4.4.6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33194", "reference_id": "CVE-2023-33194", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33194" }, { "reference_url": "https://github.com/advisories/GHSA-3wxg-w96j-8hq9", "reference_id": "GHSA-3wxg-w96j-8hq9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3wxg-w96j-8hq9" }, { "reference_url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9", "reference_id": "GHSA-3wxg-w96j-8hq9", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/" } ], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/craftcms/cms@3.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27rw-tqt8-b3cw" }, { "vulnerability": "VCID-5h73-3z9j-xqb8" }, { "vulnerability": "VCID-82fq-7xbq-pkd4" }, { "vulnerability": "VCID-e4ax-kekp-xud6" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-gqy1-6u5a-hkeu" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-z48z-h23a-5qag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63980?format=api", "purl": "pkg:composer/craftcms/cms@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27rw-tqt8-b3cw" }, { "vulnerability": "VCID-2re8-4twc-eqez" }, { "vulnerability": "VCID-33wy-gw8z-gud7" }, { "vulnerability": "VCID-3u81-kkt8-j7e7" }, { "vulnerability": "VCID-4zfr-4pgf-zke4" }, { "vulnerability": "VCID-51qg-ehr3-3qeu" }, { "vulnerability": "VCID-5h4n-14xc-uuf6" }, { "vulnerability": "VCID-5h73-3z9j-xqb8" }, { "vulnerability": "VCID-68jz-k8d5-u7dk" }, { "vulnerability": "VCID-6epu-syvm-d3ed" }, { "vulnerability": "VCID-7b71-dsva-cfan" }, { "vulnerability": "VCID-ccwe-z8nr-3qhq" }, { "vulnerability": "VCID-ch5h-xzgt-6kgs" }, { "vulnerability": "VCID-efkn-13cf-97c3" }, { "vulnerability": "VCID-ejv9-c3hf-jfax" }, { "vulnerability": "VCID-gqy1-6u5a-hkeu" }, { "vulnerability": "VCID-j9n2-1u2k-ckc5" }, { "vulnerability": "VCID-jxub-yja7-2qhf" }, { "vulnerability": "VCID-jy6d-5zfh-7ycp" }, { "vulnerability": "VCID-ksxr-4r5f-w7ck" }, { "vulnerability": "VCID-m28c-yq43-a7cq" }, { "vulnerability": "VCID-mfvj-g7bk-h3hw" }, { "vulnerability": "VCID-mytj-88ea-73d9" }, { "vulnerability": "VCID-n648-rgev-bydr" }, { "vulnerability": "VCID-nyqy-y3dw-eyer" }, { "vulnerability": "VCID-p9a4-4g1n-7qf4" }, { "vulnerability": "VCID-pggs-g9c8-w7d1" }, { "vulnerability": "VCID-pjsn-x6mp-57c9" }, { "vulnerability": "VCID-q1jg-5qq3-zkbv" }, { "vulnerability": "VCID-rnze-pnhe-abh4" }, { "vulnerability": "VCID-rrce-ncgp-qbcg" }, { "vulnerability": "VCID-s9mh-xu8b-fqgf" }, { "vulnerability": "VCID-t5h6-xvev-f3g7" }, { "vulnerability": "VCID-tshq-ktbd-juak" }, { "vulnerability": "VCID-ttgr-49ur-z7aa" }, { "vulnerability": "VCID-u3cv-q3ft-qkhj" }, { "vulnerability": "VCID-upnk-thub-2fg1" }, { "vulnerability": "VCID-uzyt-dujv-nqh6" }, { "vulnerability": "VCID-vg28-8erb-27ae" }, { "vulnerability": "VCID-vknb-zmk9-z3cc" }, { "vulnerability": "VCID-w9cn-xgye-jber" }, { "vulnerability": "VCID-whnf-tybt-qqbf" }, { "vulnerability": "VCID-wj8y-tapy-p3f1" }, { "vulnerability": "VCID-wx6u-ss6p-3ue3" }, { "vulnerability": "VCID-xpq3-v9ts-x7es" }, { "vulnerability": "VCID-xysn-pqxv-hyds" }, { "vulnerability": "VCID-z48z-h23a-5qag" }, { "vulnerability": "VCID-zebb-ngev-a7de" }, { "vulnerability": "VCID-zh94-u2by-xkg5" }, { "vulnerability": "VCID-zybg-fqev-eber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6" } ], "aliases": [ "CVE-2023-33194", "GHSA-3wxg-w96j-8hq9" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kts7-xtbb-tqgy" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.6" }