{"url":"http://public2.vulnerablecode.io/api/packages/229593?format=json","purl":"pkg:composer/craftcms/cms@3.0.14","type":"composer","namespace":"craftcms","name":"cms","version":"3.0.14","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.17.12","latest_non_vulnerable_version":"5.9.18","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42836?format=json","vulnerability_id":"VCID-3r9x-ax4j-3yha","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft CMS before 3.7.29 allows XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28378","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56045","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.561","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28378"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18"},{"reference_url":"https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28378","reference_id":"CVE-2022-28378","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28378"},{"reference_url":"https://github.com/advisories/GHSA-7xj5-fwqr-5378","reference_id":"GHSA-7xj5-fwqr-5378","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xj5-fwqr-5378"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61257?format=json","purl":"pkg:composer/craftcms/cms@3.7.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29"}],"aliases":["CVE-2022-28378","GHSA-7xj5-fwqr-5378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r9x-ax4j-3yha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40555?format=json","vulnerability_id":"VCID-3twn-e7up-2ugq","summary":"Missing Encryption of Sensitive Data\nCraft CMS allows remote authenticated administrators to read sensitive information via server-side template injection which causes a cleartext username and password to be displayed in a URI field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20465","reference_id":"","reference_type":"","scores":[{"value":"0.00664","scoring_system":"epss","scoring_elements":"0.71581","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00664","scoring_system":"epss","scoring_elements":"0.71626","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20465"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md"},{"reference_url":"https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20465","reference_id":"CVE-2018-20465","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20465"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57237?format=json","purl":"pkg:composer/craftcms/cms@3.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-9kjs-xj6x-y3gb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-adak-sn51-23gd"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-n1z8-7a8m-rfcc"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rx96-8kfy-4ugu"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-xc5n-1vqa-tqaz"},{"vulnerability":"VCID-xv52-rc7v-yba8"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.35"}],"aliases":["CVE-2018-20465","GHSA-j7fx-v37j-v3w7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3twn-e7up-2ugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44568?format=json","vulnerability_id":"VCID-41y2-tucq-ykaj","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23927","reference_id":"","reference_type":"","scores":[{"value":"0.02749","scoring_system":"epss","scoring_elements":"0.8627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02749","scoring_system":"epss","scoring_elements":"0.86292","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23927"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/"}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03"},{"reference_url":"https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/"}],"url":"https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23927","reference_id":"CVE-2023-23927","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23927"},{"reference_url":"https://github.com/advisories/GHSA-qcrj-6ffc-v7hq","reference_id":"GHSA-qcrj-6ffc-v7hq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qcrj-6ffc-v7hq"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq","reference_id":"GHSA-qcrj-6ffc-v7hq","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137658?format=json","purl":"pkg:composer/craftcms/cms@3.7.64","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.64"},{"url":"http://public2.vulnerablecode.io/api/packages/64107?format=json","purl":"pkg:composer/craftcms/cms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-2vn9-2cs3-vbg3"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rvrz-498f-2uet"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"},{"vulnerability":"VCID-wcx6-wed9-gub2"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.3.7"}],"aliases":["CVE-2023-23927","GHSA-qcrj-6ffc-v7hq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41y2-tucq-ykaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49586?format=json","vulnerability_id":"VCID-5mnd-qvaq-k3am","summary":"Unauthenticated Craft CMS users can trigger a database backup\nUnauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure.Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.Resources:\n\nhttps://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39\n\nhttps://github.com/craftcms/cms/blob/5.x/CHANGELOG.md","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68456","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4399","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68456"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/"}],"url":"https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04"},{"reference_url":"https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/"}],"url":"https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68456","reference_id":"CVE-2025-68456","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68456"},{"reference_url":"https://github.com/advisories/GHSA-v64r-7wg9-23pr","reference_id":"GHSA-v64r-7wg9-23pr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v64r-7wg9-23pr"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr","reference_id":"GHSA-v64r-7wg9-23pr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:08Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73170?format=json","purl":"pkg:composer/craftcms/cms@4.16.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-p3n8-1sht-bfbt"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17"},{"url":"http://public2.vulnerablecode.io/api/packages/73169?format=json","purl":"pkg:composer/craftcms/cms@5.8.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-5tzm-738x-xka9"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-a8p2-5cmc-n7g2"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-asek-4gme-gug8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-bqep-3c6u-mqhu"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-esma-wxje-eqh3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jnrx-e9b5-wqew"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-p3n8-1sht-bfbt"},{"vulnerability":"VCID-pgm4-svq8-tfc5"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-vvhc-rnpr-ubey"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21"}],"aliases":["CVE-2025-68456","GHSA-v64r-7wg9-23pr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mnd-qvaq-k3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45280?format=json","vulnerability_id":"VCID-5pur-jy1x-gfhv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33197","reference_id":"","reference_type":"","scores":[{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.75246","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33197"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/"}],"url":"https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766"},{"reference_url":"https://github.com/craftcms/cms/releases/tag/4.4.6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/"}],"url":"https://github.com/craftcms/cms/releases/tag/4.4.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33197","reference_id":"CVE-2023-33197","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33197"},{"reference_url":"https://github.com/advisories/GHSA-6qjx-787v-6pxr","reference_id":"GHSA-6qjx-787v-6pxr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6qjx-787v-6pxr"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr","reference_id":"GHSA-6qjx-787v-6pxr","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65150?format=json","purl":"pkg:composer/craftcms/cms@4.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-2vn9-2cs3-vbg3"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6"}],"aliases":["CVE-2023-33197","GHSA-6qjx-787v-6pxr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pur-jy1x-gfhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45141?format=json","vulnerability_id":"VCID-6hcd-ayyh-3fdb","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in craftcms/cms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31144","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7174","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31144"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T16:40:35Z/"}],"url":"https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442"},{"reference_url":"https://github.com/craftcms/cms/commit/e2f7e7b7d86a0afa54ce855375d13c7760670764","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/e2f7e7b7d86a0afa54ce855375d13c7760670764"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31144","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31144"},{"reference_url":"https://github.com/advisories/GHSA-j4mx-98hw-6rv6","reference_id":"GHSA-j4mx-98hw-6rv6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j4mx-98hw-6rv6"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6","reference_id":"GHSA-j4mx-98hw-6rv6","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T16:40:35Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65071?format=json","purl":"pkg:composer/craftcms/cms@3.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/65072?format=json","purl":"pkg:composer/craftcms/cms@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-2vn9-2cs3-vbg3"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rvrz-498f-2uet"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"},{"vulnerability":"VCID-wcx6-wed9-gub2"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.4"}],"aliases":["CVE-2023-31144","GHSA-j4mx-98hw-6rv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hcd-ayyh-3fdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43304?format=json","vulnerability_id":"VCID-8pjj-w8h7-p7ga","summary":"Weak Password Recovery Mechanism for Forgotten Password\nCraft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).","references":[{"reference_url":"http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29933","reference_id":"","reference_type":"","scores":[{"value":"0.02319","scoring_system":"epss","scoring_elements":"0.85111","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02319","scoring_system":"epss","scoring_elements":"0.85087","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29933"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md"},{"reference_url":"https://sec-consult.com/vulnerability-lab","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sec-consult.com/vulnerability-lab"},{"reference_url":"https://sec-consult.com/vulnerability-lab/","reference_id":"","reference_type":"","scores":[],"url":"https://sec-consult.com/vulnerability-lab/"},{"reference_url":"https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms"},{"reference_url":"https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/","reference_id":"","reference_type":"","scores":[],"url":"https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29933","reference_id":"CVE-2022-29933","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29933"},{"reference_url":"https://github.com/advisories/GHSA-5cjr-78cq-3wrg","reference_id":"GHSA-5cjr-78cq-3wrg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cjr-78cq-3wrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62010?format=json","purl":"pkg:composer/craftcms/cms@3.7.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.36"},{"url":"http://public2.vulnerablecode.io/api/packages/62011?format=json","purl":"pkg:composer/craftcms/cms@3.7.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.37"}],"aliases":["CVE-2022-29933","GHSA-5cjr-78cq-3wrg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pjj-w8h7-p7ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111130?format=json","vulnerability_id":"VCID-9kjs-xj6x-y3gb","summary":"Craft CMS XSS Vulnerability\nCraft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12823","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56045","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.561","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12823"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/6432eca59b93bcea2ca2616199e5d419447e613f/CHANGELOG-v3.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/6432eca59b93bcea2ca2616199e5d419447e613f/CHANGELOG-v3.md"},{"reference_url":"https://github.com/craftcms/cms/commit/6432eca59b93bcea2ca2616199e5d419447e613f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/6432eca59b93bcea2ca2616199e5d419447e613f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12823","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12823"},{"reference_url":"https://github.com/advisories/GHSA-w5q4-q7wp-qww6","reference_id":"GHSA-w5q4-q7wp-qww6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w5q4-q7wp-qww6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80119?format=json","purl":"pkg:composer/craftcms/cms@3.1.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-adak-sn51-23gd"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-n1z8-7a8m-rfcc"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-uamr-mmjj-ryhc"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-xc5n-1vqa-tqaz"},{"vulnerability":"VCID-xv52-rc7v-yba8"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.31"}],"aliases":["CVE-2019-12823","GHSA-w5q4-q7wp-qww6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kjs-xj6x-y3gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45444?format=json","vulnerability_id":"VCID-aajd-9qsf-37cr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft CMS through 4.4.9 is vulnerable to HTML Injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33495","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.3779","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33495"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212"},{"reference_url":"https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/"}],"url":"https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33495","reference_id":"CVE-2023-33495","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33495"},{"reference_url":"https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212","reference_id":"html-injection-in-craft-cms-application-e2b28f746212","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/"}],"url":"https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65617?format=json","purl":"pkg:composer/craftcms/cms@4.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.10"}],"aliases":["CVE-2023-33495","GHSA-m3v5-gjj9-rg24"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aajd-9qsf-37cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111482?format=json","vulnerability_id":"VCID-adak-sn51-23gd","summary":"Craft CMS XSS Vulnerability\nCraft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17496","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56045","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.561","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17496"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09"},{"reference_url":"https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17496","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17496"},{"reference_url":"https://github.com/advisories/GHSA-f3xr-q258-h7m9","reference_id":"GHSA-f3xr-q258-h7m9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f3xr-q258-h7m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152899?format=json","purl":"pkg:composer/craftcms/cms@3.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-n1z8-7a8m-rfcc"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-xc5n-1vqa-tqaz"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.8"}],"aliases":["CVE-2019-17496","GHSA-f3xr-q258-h7m9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adak-sn51-23gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56366?format=json","vulnerability_id":"VCID-c2nk-y4rx-1qf4","summary":"Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled\nYou are affected if your php.ini configuration has `register_argc_argv` enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56145","reference_id":"","reference_type":"","scores":[{"value":"0.93926","scoring_system":"epss","scoring_elements":"0.99888","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56145"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/"}],"url":"https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145"},{"reference_url":"https://github.com/Chocapikk/CVE-2024-56145","reference_id":"CVE-2024-56145","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Chocapikk/CVE-2024-56145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56145","reference_id":"CVE-2024-56145","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56145"},{"reference_url":"https://github.com/advisories/GHSA-2p6p-9rc9-62j9","reference_id":"GHSA-2p6p-9rc9-62j9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2p6p-9rc9-62j9"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9","reference_id":"GHSA-2p6p-9rc9-62j9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83574?format=json","purl":"pkg:composer/craftcms/cms@3.9.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.14"},{"url":"http://public2.vulnerablecode.io/api/packages/83573?format=json","purl":"pkg:composer/craftcms/cms@4.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.13.2"},{"url":"http://public2.vulnerablecode.io/api/packages/83572?format=json","purl":"pkg:composer/craftcms/cms@5.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-asek-4gme-gug8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-esma-wxje-eqh3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jnrx-e9b5-wqew"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-pgm4-svq8-tfc5"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-vvhc-rnpr-ubey"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.5.2"}],"aliases":["CVE-2024-56145","GHSA-2p6p-9rc9-62j9"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nk-y4rx-1qf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55418?format=json","vulnerability_id":"VCID-cwm6-qf1f-2keb","summary":"Craft CMS SQL injection vulnerability via the GraphQL API endpoint\nCraft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37843","reference_id":"","reference_type":"","scores":[{"value":"0.89433","scoring_system":"epss","scoring_elements":"0.99566","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37843"},{"reference_url":"https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-12T22:53:54Z/"}],"url":"https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37843","reference_id":"CVE-2024-37843","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37843"},{"reference_url":"https://github.com/advisories/GHSA-hq4f-mv3q-8wcv","reference_id":"GHSA-hq4f-mv3q-8wcv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq4f-mv3q-8wcv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504814?format=json","purl":"pkg:composer/craftcms/cms@3.7.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.32"}],"aliases":["CVE-2024-37843","GHSA-hq4f-mv3q-8wcv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwm6-qf1f-2keb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46914?format=json","vulnerability_id":"VCID-dz26-b2ts-puep","summary":"Craft CMS Feed-Me\nAn issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36260","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58935","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36260"},{"reference_url":"https://github.com/craftcms/feed-me","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/feed-me"},{"reference_url":"https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/"}],"url":"https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28"},{"reference_url":"https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/"}],"url":"https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29"},{"reference_url":"https://github.com/craftcms/feed-me/releases/tag/4.6.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/feed-me/releases/tag/4.6.2"},{"reference_url":"https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/"}],"url":"https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36260","reference_id":"CVE-2023-36260","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36260"},{"reference_url":"https://github.com/advisories/GHSA-6p78-f7h9-6838","reference_id":"GHSA-6p78-f7h9-6838","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6p78-f7h9-6838"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107427?format=json","purl":"pkg:composer/craftcms/cms@4.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68643?format=json","purl":"pkg:composer/craftcms/cms@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.7.0"}],"aliases":["CVE-2023-36260","GHSA-6p78-f7h9-6838"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dz26-b2ts-puep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45893?format=json","vulnerability_id":"VCID-ec34-nvn3-qbcb","summary":"Craft CMS vulnerable to Remote Code Execution via validatePath bypass\nBypassing the validatePath function can lead to potential Remote Code Execution\n(Post-authentication, ALLOW_ADMIN_CHANGES=true)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40035","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54323","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40035"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/"}],"url":"https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5"},{"reference_url":"https://github.com/craftcms/cms/releases/tag/3.8.15","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/"}],"url":"https://github.com/craftcms/cms/releases/tag/3.8.15"},{"reference_url":"https://github.com/craftcms/cms/releases/tag/4.4.15","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/"}],"url":"https://github.com/craftcms/cms/releases/tag/4.4.15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40035","reference_id":"CVE-2023-40035","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40035"},{"reference_url":"https://github.com/advisories/GHSA-44wr-rmwq-3phw","reference_id":"GHSA-44wr-rmwq-3phw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-44wr-rmwq-3phw"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw","reference_id":"GHSA-44wr-rmwq-3phw","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66617?format=json","purl":"pkg:composer/craftcms/cms@3.8.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.15"},{"url":"http://public2.vulnerablecode.io/api/packages/66616?format=json","purl":"pkg:composer/craftcms/cms@4.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15"}],"aliases":["CVE-2023-40035","GHSA-44wr-rmwq-3phw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ec34-nvn3-qbcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109631?format=json","vulnerability_id":"VCID-eecq-8t4y-kka3","summary":"Craft CMS discloses password hashes\nAll Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37783","reference_id":"","reference_type":"","scores":[{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81292","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81264","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37783"},{"reference_url":"https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes"},{"reference_url":"https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:05Z/"}],"url":"https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes/"},{"reference_url":"https://cves.at/posts/cve-2022-37783/writeup","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cves.at/posts/cve-2022-37783/writeup"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37783","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37783"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/06/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/06/1"},{"reference_url":"https://github.com/advisories/GHSA-h972-v458-m892","reference_id":"GHSA-h972-v458-m892","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h972-v458-m892"},{"reference_url":"https://cves.at/posts/cve-2022-37783/writeup/","reference_id":"writeup","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:05Z/"}],"url":"https://cves.at/posts/cve-2022-37783/writeup/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146771?format=json","purl":"pkg:composer/craftcms/cms@3.7.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.33"}],"aliases":["CVE-2022-37783","GHSA-h972-v458-m892"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eecq-8t4y-kka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45282?format=json","vulnerability_id":"VCID-hm7h-7cu3-8be1","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33194","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19596","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33194"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/"}],"url":"https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888"},{"reference_url":"https://github.com/craftcms/cms/releases/tag/4.4.6","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/"}],"url":"https://github.com/craftcms/cms/releases/tag/4.4.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33194","reference_id":"CVE-2023-33194","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33194"},{"reference_url":"https://github.com/advisories/GHSA-3wxg-w96j-8hq9","reference_id":"GHSA-3wxg-w96j-8hq9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3wxg-w96j-8hq9"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9","reference_id":"GHSA-3wxg-w96j-8hq9","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:25:03Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65251?format=json","purl":"pkg:composer/craftcms/cms@3.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/65150?format=json","purl":"pkg:composer/craftcms/cms@4.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-2vn9-2cs3-vbg3"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6"}],"aliases":["CVE-2023-33194","GHSA-3wxg-w96j-8hq9"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm7h-7cu3-8be1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46777?format=json","vulnerability_id":"VCID-jhen-vhqx-n7dr","summary":"Improper Privilege Management\nCraft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21622","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27732","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21622"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16"},{"reference_url":"https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16"},{"reference_url":"https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa"},{"reference_url":"https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843"},{"reference_url":"https://github.com/craftcms/cms/pull/13931","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/pull/13931"},{"reference_url":"https://github.com/craftcms/cms/pull/13932","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/pull/13932"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21622","reference_id":"CVE-2024-21622","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21622"},{"reference_url":"https://github.com/advisories/GHSA-j5g9-j7r4-6qvx","reference_id":"GHSA-j5g9-j7r4-6qvx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5g9-j7r4-6qvx"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx","reference_id":"GHSA-j5g9-j7r4-6qvx","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68405?format=json","purl":"pkg:composer/craftcms/cms@3.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/68406?format=json","purl":"pkg:composer/craftcms/cms@4.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11"}],"aliases":["CVE-2024-21622","GHSA-j5g9-j7r4-6qvx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhen-vhqx-n7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57273?format=json","vulnerability_id":"VCID-jxet-d8ux-mkge","summary":"Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at `/var/lib/php/sessions`. Such session files are named `sess_[session_value]`, where `[session_value]` is provided to the client in a `Set-Cookie` response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-35939","reference_id":"","reference_type":"","scores":[{"value":"0.33065","scoring_system":"epss","scoring_elements":"0.96993","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-35939"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2"},{"reference_url":"https://github.com/craftcms/cms/pull/17220","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/"}],"url":"https://github.com/craftcms/cms/pull/17220"},{"reference_url":"https://github.com/craftcms/cms/releases/tag/4.15.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/"}],"url":"https://github.com/craftcms/cms/releases/tag/4.15.3"},{"reference_url":"https://github.com/craftcms/cms/releases/tag/5.7.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/"}],"url":"https://github.com/craftcms/cms/releases/tag/5.7.5"},{"reference_url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/"}],"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-35939","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-35939"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-35939","reference_id":"CVE-2025-35939","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-35939"},{"reference_url":"https://github.com/advisories/GHSA-7vrx-9684-xrf2","reference_id":"GHSA-7vrx-9684-xrf2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7vrx-9684-xrf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74788?format=json","purl":"pkg:composer/craftcms/cms@4.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dbcz-erbe-u7dt"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-p3n8-1sht-bfbt"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.15.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74789?format=json","purl":"pkg:composer/craftcms/cms@5.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-5tzm-738x-xka9"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-a8p2-5cmc-n7g2"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-asek-4gme-gug8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-bqep-3c6u-mqhu"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dbcz-erbe-u7dt"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-esma-wxje-eqh3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jnrx-e9b5-wqew"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-p3n8-1sht-bfbt"},{"vulnerability":"VCID-pgm4-svq8-tfc5"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-vvhc-rnpr-ubey"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5"}],"aliases":["CVE-2025-35939","GHSA-7vrx-9684-xrf2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxet-d8ux-mkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108321?format=json","vulnerability_id":"VCID-n1z8-7a8m-rfcc","summary":"Craft CMS Remote Code Injection\nAn issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27903","reference_id":"","reference_type":"","scores":[{"value":"0.03824","scoring_system":"epss","scoring_elements":"0.8836","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03824","scoring_system":"epss","scoring_elements":"0.88342","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27903"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security"},{"reference_url":"https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27903","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/142121?format=json","purl":"pkg:composer/craftcms/cms@3.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-c9mw-1at1-ebaz"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.7"}],"aliases":["CVE-2021-27903","GHSA-x2j7-6hxm-87p3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1z8-7a8m-rfcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54460?format=json","vulnerability_id":"VCID-nz6e-26rc-f3fa","summary":"Cross-site Scripting\nCraft CMS has an XSS vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32470","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56045","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.561","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32470"},{"reference_url":"https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security"},{"reference_url":"https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32470","reference_id":"CVE-2021-32470","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32470"},{"reference_url":"https://github.com/advisories/GHSA-h2rj-8wgg-mm43","reference_id":"GHSA-h2rj-8wgg-mm43","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h2rj-8wgg-mm43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80685?format=json","purl":"pkg:composer/craftcms/cms@3.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-c9mw-1at1-ebaz"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.13"}],"aliases":["CVE-2021-32470","GHSA-h2rj-8wgg-mm43"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nz6e-26rc-f3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45361?format=json","vulnerability_id":"VCID-qcwp-su57-9fa1","summary":"Improper Control of Generation of Code ('Code Injection')\nCraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30179","reference_id":"","reference_type":"","scores":[{"value":"0.05499","scoring_system":"epss","scoring_elements":"0.90401","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30179"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/"}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14"},{"reference_url":"https://github.com/github/advisory-database/pull/2443","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/2443"},{"reference_url":"https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/"}],"url":"https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714"},{"reference_url":"https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/"}],"url":"https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30179","reference_id":"CVE-2023-30179","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30179"},{"reference_url":"https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection","reference_id":"CVE-2023-30179-SERVER-SIDE-TEMPLATE-INJECTION","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/"}],"url":"https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65381?format=json","purl":"pkg:composer/craftcms/cms@4.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-2vn9-2cs3-vbg3"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rvrz-498f-2uet"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"},{"vulnerability":"VCID-wcx6-wed9-gub2"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.2"}],"aliases":["CVE-2023-30179","GHSA-3x74-v64j-qc3f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcwp-su57-9fa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57189?format=json","vulnerability_id":"VCID-qq68-3j4y-47am","summary":"Craft CMS Allows Remote Code Execution\nThis is an additional fix for https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g\n\nThis is a high-impact, low-complexity attack vector. To mitigate the issue, users running Craft installations before the fixed versions are encouraged to update to at least that version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32432","reference_id":"","reference_type":"","scores":[{"value":"0.93094","scoring_system":"epss","scoring_elements":"0.99798","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32432"},{"reference_url":"https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/"}],"url":"https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical"},{"reference_url":"https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/"}],"url":"https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical"},{"reference_url":"https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/"}],"url":"https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical"},{"reference_url":"https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/"}],"url":"https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47"},{"reference_url":"https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52525.py","reference_id":"CVE-2025-32432","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52525.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32432","reference_id":"CVE-2025-32432","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32432"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g","reference_id":"GHSA-4w8r-3xrw-v25g","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g"},{"reference_url":"https://github.com/advisories/GHSA-f3gw-9ww9-jmc3","reference_id":"GHSA-f3gw-9ww9-jmc3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f3gw-9ww9-jmc3"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3","reference_id":"GHSA-f3gw-9ww9-jmc3","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-20T15:24:23Z/"}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84933?format=json","purl":"pkg:composer/craftcms/cms@3.9.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.15"},{"url":"http://public2.vulnerablecode.io/api/packages/84934?format=json","purl":"pkg:composer/craftcms/cms@4.14.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dbcz-erbe-u7dt"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.14.15"},{"url":"http://public2.vulnerablecode.io/api/packages/84935?format=json","purl":"pkg:composer/craftcms/cms@5.6.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-39ct-cg7w-kyb6"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5q5g-jrxm-eyhe"},{"vulnerability":"VCID-5tzm-738x-xka9"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-a3b5-pwyh-yugv"},{"vulnerability":"VCID-a8p2-5cmc-n7g2"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-asek-4gme-gug8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-bqep-3c6u-mqhu"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dbcz-erbe-u7dt"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-esma-wxje-eqh3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jnrx-e9b5-wqew"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-pgm4-svq8-tfc5"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-vvhc-rnpr-ubey"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.6.17"}],"aliases":["CVE-2025-32432","GHSA-f3gw-9ww9-jmc3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq68-3j4y-47am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111429?format=json","vulnerability_id":"VCID-rx96-8kfy-4ugu","summary":"Craft CMS possibility of brute force attempts\nIn Craft CMS before 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15929","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58308","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58355","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15929"},{"reference_url":"https://github.com/craftcms/cms/blob/3.1.7/CHANGELOG-v3.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/3.1.7/CHANGELOG-v3.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15929","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15929"},{"reference_url":"https://github.com/advisories/GHSA-wvr4-w6cw-4px8","reference_id":"GHSA-wvr4-w6cw-4px8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wvr4-w6cw-4px8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152502?format=json","purl":"pkg:composer/craftcms/cms@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-9kjs-xj6x-y3gb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-adak-sn51-23gd"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-n1z8-7a8m-rfcc"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-xc5n-1vqa-tqaz"},{"vulnerability":"VCID-xv52-rc7v-yba8"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.7"}],"aliases":["CVE-2019-15929","GHSA-wvr4-w6cw-4px8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rx96-8kfy-4ugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45169?format=json","vulnerability_id":"VCID-s5v6-e631-17f5","summary":"CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter\nAn issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30130","reference_id":"","reference_type":"","scores":[{"value":"0.07135","scoring_system":"epss","scoring_elements":"0.9171","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30130"},{"reference_url":"https://craftcms.com","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://craftcms.com"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/"}],"url":"https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1"},{"reference_url":"https://craftcms.com/","reference_id":"craftcms.com","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/"}],"url":"https://craftcms.com/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30130","reference_id":"CVE-2023-30130","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30130"},{"reference_url":"https://github.com/advisories/GHSA-fjx5-xm7q-whvj","reference_id":"GHSA-fjx5-xm7q-whvj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fjx5-xm7q-whvj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/650962?format=json","purl":"pkg:composer/craftcms/cms@3.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.2"}],"aliases":["CVE-2023-30130","GHSA-fjx5-xm7q-whvj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5v6-e631-17f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42840?format=json","vulnerability_id":"VCID-u4t8-gkkb-73bv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in craftcms/cms.","references":[{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/advisories/GHSA-wf98-vxv9-jqfv","reference_id":"GHSA-wf98-vxv9-jqfv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf98-vxv9-jqfv"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv","reference_id":"GHSA-wf98-vxv9-jqfv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61257?format=json","purl":"pkg:composer/craftcms/cms@3.7.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29"}],"aliases":["GHSA-wf98-vxv9-jqfv","GMS-2022-790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4t8-gkkb-73bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45043?format=json","vulnerability_id":"VCID-vbz3-3rqd-3fh6","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30177","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56884","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30177"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T17:24:49Z/"}],"url":"https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30177","reference_id":"CVE-2023-30177","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30177"},{"reference_url":"https://github.com/advisories/GHSA-wv7j-rc2q-9j67","reference_id":"GHSA-wv7j-rc2q-9j67","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wv7j-rc2q-9j67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64966?format=json","purl":"pkg:composer/craftcms/cms@3.7.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.68"}],"aliases":["CVE-2023-30177","GHSA-wv7j-rc2q-9j67"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbz3-3rqd-3fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108329?format=json","vulnerability_id":"VCID-xc5n-1vqa-tqaz","summary":"Craft CMS Cross-site Scripting Vulnerability\nAn issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27902","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62273","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62224","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27902"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26"},{"reference_url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1"},{"reference_url":"https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27902","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27902"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/142146?format=json","purl":"pkg:composer/craftcms/cms@3.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-c9mw-1at1-ebaz"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-n1z8-7a8m-rfcc"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.0"}],"aliases":["CVE-2021-27902","GHSA-3jxh-789f-p7m6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xc5n-1vqa-tqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52307?format=json","vulnerability_id":"VCID-xv52-rc7v-yba8","summary":"Injection Vulnerability\nThe `SEOmatic` component for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the `metacontainers` controller.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9757","reference_id":"","reference_type":"","scores":[{"value":"0.94276","scoring_system":"epss","scoring_elements":"0.99941","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9757"},{"reference_url":"https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt"},{"reference_url":"https://github.com/nystudio107/craft-seomatic","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nystudio107/craft-seomatic"},{"reference_url":"https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md"},{"reference_url":"https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b"},{"reference_url":"https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9757","reference_id":"CVE-2020-9757","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9757"},{"reference_url":"https://github.com/advisories/GHSA-6q4j-8pjm-5mgc","reference_id":"GHSA-6q4j-8pjm-5mgc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6q4j-8pjm-5mgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76817?format=json","purl":"pkg:composer/craftcms/cms@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r9x-ax4j-3yha"},{"vulnerability":"VCID-41y2-tucq-ykaj"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-5pur-jy1x-gfhv"},{"vulnerability":"VCID-6hcd-ayyh-3fdb"},{"vulnerability":"VCID-8pjj-w8h7-p7ga"},{"vulnerability":"VCID-aajd-9qsf-37cr"},{"vulnerability":"VCID-adak-sn51-23gd"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-cwm6-qf1f-2keb"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-eecq-8t4y-kka3"},{"vulnerability":"VCID-hm7h-7cu3-8be1"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-n1z8-7a8m-rfcc"},{"vulnerability":"VCID-nz6e-26rc-f3fa"},{"vulnerability":"VCID-qcwp-su57-9fa1"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-s5v6-e631-17f5"},{"vulnerability":"VCID-u4t8-gkkb-73bv"},{"vulnerability":"VCID-vbz3-3rqd-3fh6"},{"vulnerability":"VCID-xc5n-1vqa-tqaz"},{"vulnerability":"VCID-ymw8-mvrz-e7bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0"}],"aliases":["CVE-2020-9757","GHSA-6q4j-8pjm-5mgc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xv52-rc7v-yba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45279?format=json","vulnerability_id":"VCID-ymw8-mvrz-e7bc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2817","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56831","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2817"},{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/"}],"url":"https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb"},{"reference_url":"https://www.tenable.com/security/research/tra-2023-20","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/research/tra-2023-20"},{"reference_url":"https://www.tenable.com/security/research/tra-2023-20,","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/research/tra-2023-20,"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2817","reference_id":"CVE-2023-2817","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2817"},{"reference_url":"https://www.tenable.com/security/research/tra-2023-20%2C","reference_id":"tra-2023-20%2C","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/"}],"url":"https://www.tenable.com/security/research/tra-2023-20%2C"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65248?format=json","purl":"pkg:composer/craftcms/cms@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1468-4fdx-kbfr"},{"vulnerability":"VCID-1mb5-28xp-ckd2"},{"vulnerability":"VCID-41uv-1axm-fugb"},{"vulnerability":"VCID-4wkr-jx1w-77hn"},{"vulnerability":"VCID-5cxe-tjpb-3qan"},{"vulnerability":"VCID-5mnd-qvaq-k3am"},{"vulnerability":"VCID-71sv-62m4-z3er"},{"vulnerability":"VCID-7y4f-ef7t-47eb"},{"vulnerability":"VCID-83rt-3tyj-qbgx"},{"vulnerability":"VCID-8u2j-17a4-q7eh"},{"vulnerability":"VCID-9ca4-tbhq-27ad"},{"vulnerability":"VCID-9enr-b6zd-mbh8"},{"vulnerability":"VCID-akrv-yqnf-1kg8"},{"vulnerability":"VCID-azr5-12f8-hfbm"},{"vulnerability":"VCID-c2nk-y4rx-1qf4"},{"vulnerability":"VCID-chep-xthg-zuee"},{"vulnerability":"VCID-cys8-jnmu-77ec"},{"vulnerability":"VCID-dz26-b2ts-puep"},{"vulnerability":"VCID-e94m-mj1k-8kbr"},{"vulnerability":"VCID-eaxm-rjr7-xudb"},{"vulnerability":"VCID-ec34-nvn3-qbcb"},{"vulnerability":"VCID-efwv-r3nc-73h9"},{"vulnerability":"VCID-f7gc-cgka-tycr"},{"vulnerability":"VCID-fpea-e48p-kfbn"},{"vulnerability":"VCID-fpke-p7sz-nfc9"},{"vulnerability":"VCID-gzry-xtu5-ukhu"},{"vulnerability":"VCID-h6t5-pdp5-8qhe"},{"vulnerability":"VCID-hkp9-3hzv-quhk"},{"vulnerability":"VCID-hyct-5gap-7kdu"},{"vulnerability":"VCID-jeyh-3jxd-z3g6"},{"vulnerability":"VCID-jhen-vhqx-n7dr"},{"vulnerability":"VCID-jsfs-azcs-mfcm"},{"vulnerability":"VCID-jxet-d8ux-mkge"},{"vulnerability":"VCID-jxz8-g6fq-dubw"},{"vulnerability":"VCID-kbrc-85av-nfcn"},{"vulnerability":"VCID-m5rf-usae-yfb7"},{"vulnerability":"VCID-nmzu-mefv-tqeh"},{"vulnerability":"VCID-ppet-ruae-1kav"},{"vulnerability":"VCID-qq68-3j4y-47am"},{"vulnerability":"VCID-qwmy-d2e8-5khw"},{"vulnerability":"VCID-qywv-vf4r-8bh9"},{"vulnerability":"VCID-r5hp-5nju-9ubz"},{"vulnerability":"VCID-rb7c-3nkc-gkeg"},{"vulnerability":"VCID-rzq4-h1ms-nqef"},{"vulnerability":"VCID-sa99-8awj-eycd"},{"vulnerability":"VCID-twuy-wzb7-k7g3"},{"vulnerability":"VCID-tzjk-x116-ayge"},{"vulnerability":"VCID-vasz-rnn1-67ev"},{"vulnerability":"VCID-w9yn-1573-hyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.12"}],"aliases":["CVE-2023-2817","GHSA-7x94-jx75-3gh6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymw8-mvrz-e7bc"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.14"}