{"url":"http://public2.vulnerablecode.io/api/packages/19143?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.1","type":"maven","namespace":"org.craftercms","name":"crafter-studio","version":"3.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.27","latest_non_vulnerable_version":"4.3.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207825?format=json","vulnerability_id":"VCID-493g-d32w-vfhz","summary":"Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25802","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63393","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63291","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25802"},{"reference_url":"https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25802","reference_id":"CVE-2020-25802","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25802"},{"reference_url":"https://github.com/advisories/GHSA-wq3v-3grq-6f86","reference_id":"GHSA-wq3v-3grq-6f86","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq3v-3grq-6f86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19142?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/19140?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5h9w-q83v-1qf8"},{"vulnerability":"VCID-wgvu-jgkg-jybb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.1.7"}],"aliases":["CVE-2020-25802","GHSA-wq3v-3grq-6f86"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-493g-d32w-vfhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207824?format=json","vulnerability_id":"VCID-8xw9-jm1k-xbat","summary":"Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25803","reference_id":"","reference_type":"","scores":[{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.71556","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.7147","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25803"},{"reference_url":"https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25803","reference_id":"CVE-2020-25803","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25803"},{"reference_url":"https://github.com/advisories/GHSA-8786-wg74-f522","reference_id":"GHSA-8786-wg74-f522","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8786-wg74-f522"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19142?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/19140?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5h9w-q83v-1qf8"},{"vulnerability":"VCID-wgvu-jgkg-jybb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.1.7"}],"aliases":["CVE-2020-25803","GHSA-8786-wg74-f522"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xw9-jm1k-xbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207831?format=json","vulnerability_id":"VCID-9ywy-2azr-13e6","summary":"Cross-site scripting in Crafter CMS Crafter Studio","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15686","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.56138","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.56017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15686"},{"reference_url":"https://docs.craftercms.org/en/3.0/security/advisory.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.craftercms.org/en/3.0/security/advisory.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15686","reference_id":"CVE-2017-15686","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15686"},{"reference_url":"https://github.com/advisories/GHSA-ph76-rhqq-xj7j","reference_id":"GHSA-ph76-rhqq-xj7j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph76-rhqq-xj7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19144?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-493g-d32w-vfhz"},{"vulnerability":"VCID-8xw9-jm1k-xbat"},{"vulnerability":"VCID-gbzn-fe4c-wycg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.2"}],"aliases":["CVE-2017-15686","GHSA-ph76-rhqq-xj7j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ywy-2azr-13e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202666?format=json","vulnerability_id":"VCID-gbzn-fe4c-wycg","summary":"OS Command Injection in craftercms:crafter-studio","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19907","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65255","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19907"},{"reference_url":"https://github.com/craftercms/craftercms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftercms/craftercms"},{"reference_url":"https://github.com/craftercms/craftercms/issues/2677","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftercms/craftercms/issues/2677"},{"reference_url":"https://medium.com/@buxuqua/rce-vulnerability-in-crafter-cms-server-side-template-injection-19d8708ce242","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@buxuqua/rce-vulnerability-in-crafter-cms-server-side-template-injection-19d8708ce242"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19907","reference_id":"CVE-2018-19907","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19907"},{"reference_url":"https://github.com/advisories/GHSA-9fcp-vcq9-9h2h","reference_id":"GHSA-9fcp-vcq9-9h2h","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fcp-vcq9-9h2h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/434848?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-493g-d32w-vfhz"},{"vulnerability":"VCID-8xw9-jm1k-xbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.19"}],"aliases":["CVE-2018-19907","GHSA-9fcp-vcq9-9h2h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbzn-fe4c-wycg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207827?format=json","vulnerability_id":"VCID-mbjn-vkaw-b3ej","summary":"XML Injection in Crafter CMS Crafter Studio 3.0.1","references":[{"reference_url":"http://crafter.com","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://crafter.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15685","reference_id":"","reference_type":"","scores":[{"value":"0.02272","scoring_system":"epss","scoring_elements":"0.85011","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02272","scoring_system":"epss","scoring_elements":"0.85064","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15685"},{"reference_url":"https://docs.craftercms.org/en/3.0/security/advisory.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.craftercms.org/en/3.0/security/advisory.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15685","reference_id":"CVE-2017-15685","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15685"},{"reference_url":"https://github.com/advisories/GHSA-5hr6-vc97-qxxh","reference_id":"GHSA-5hr6-vc97-qxxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hr6-vc97-qxxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19144?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-493g-d32w-vfhz"},{"vulnerability":"VCID-8xw9-jm1k-xbat"},{"vulnerability":"VCID-gbzn-fe4c-wycg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.2"}],"aliases":["CVE-2017-15685","GHSA-5hr6-vc97-qxxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbjn-vkaw-b3ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207826?format=json","vulnerability_id":"VCID-uj6s-p7dj-8kdq","summary":"Path Traversal in Crafter CMS Crafter Studio","references":[{"reference_url":"http://crafter.com","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://crafter.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15681","reference_id":"","reference_type":"","scores":[{"value":"0.01976","scoring_system":"epss","scoring_elements":"0.83936","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01976","scoring_system":"epss","scoring_elements":"0.83993","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15681"},{"reference_url":"https://docs.craftercms.org/en/3.0/security/advisory.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.craftercms.org/en/3.0/security/advisory.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15681","reference_id":"CVE-2017-15681","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15681"},{"reference_url":"https://github.com/advisories/GHSA-7c6q-jqwc-4423","reference_id":"GHSA-7c6q-jqwc-4423","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7c6q-jqwc-4423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19144?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-493g-d32w-vfhz"},{"vulnerability":"VCID-8xw9-jm1k-xbat"},{"vulnerability":"VCID-gbzn-fe4c-wycg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.2"}],"aliases":["CVE-2017-15681","GHSA-7c6q-jqwc-4423"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uj6s-p7dj-8kdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207828?format=json","vulnerability_id":"VCID-w5yg-hqdz-hqgk","summary":"Path Traversal in Crafter CMS Crafter Studio","references":[{"reference_url":"http://crafter.com","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://crafter.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15684","reference_id":"","reference_type":"","scores":[{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.87145","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.8719","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15684"},{"reference_url":"https://docs.craftercms.org/en/3.0/security/advisory.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.craftercms.org/en/3.0/security/advisory.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15684","reference_id":"CVE-2017-15684","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15684"},{"reference_url":"https://github.com/advisories/GHSA-f68h-hfqp-8rmv","reference_id":"GHSA-f68h-hfqp-8rmv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f68h-hfqp-8rmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19144?format=json","purl":"pkg:maven/org.craftercms/crafter-studio@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-493g-d32w-vfhz"},{"vulnerability":"VCID-8xw9-jm1k-xbat"},{"vulnerability":"VCID-gbzn-fe4c-wycg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.2"}],"aliases":["CVE-2017-15684","GHSA-f68h-hfqp-8rmv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5yg-hqdz-hqgk"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.craftercms/crafter-studio@3.0.1"}