Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/craftcms/cms@2.6.2984
Typecomposer
Namespacecraftcms
Namecms
Version2.6.2984
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.17.12
Latest_non_vulnerable_version5.9.18
Affected_by_vulnerabilities
0
url VCID-118v-keeb-f7a6
vulnerability_id VCID-118v-keeb-f7a6
summary Craft CMS Cross-site Scripting Vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32470
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56291
published_at 2026-06-12T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56172
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32470
1
reference_url https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security
2
reference_url https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32470
reference_id CVE-2021-32470
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32470
4
reference_url https://github.com/advisories/GHSA-h2rj-8wgg-mm43
reference_id GHSA-h2rj-8wgg-mm43
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h2rj-8wgg-mm43
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.13
purl pkg:composer/craftcms/cms@3.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3asf-kngu-ybf6
1
vulnerability VCID-543c-646v-4yfj
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8m8v-ymqs-fkh9
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9wmc-pstb-ykfq
6
vulnerability VCID-9yny-vu36-tyes
7
vulnerability VCID-a9bc-cgqq-jkfh
8
vulnerability VCID-ad7v-5hxr-s3a4
9
vulnerability VCID-aujg-14fc-1qeb
10
vulnerability VCID-cneu-aazx-byfq
11
vulnerability VCID-czuy-m8wp-fka2
12
vulnerability VCID-e4ep-2ng5-1kbm
13
vulnerability VCID-fs3m-av1v-fuf1
14
vulnerability VCID-grmm-88sf-wyd4
15
vulnerability VCID-hh13-6e1x-p7ez
16
vulnerability VCID-htqk-ckr5-jbcu
17
vulnerability VCID-jwj3-be5u-cfa6
18
vulnerability VCID-k8na-x3nm-hkav
19
vulnerability VCID-mhqg-hey8-6bee
20
vulnerability VCID-sdtn-nzaq-e3cb
21
vulnerability VCID-t37k-f7k1-gyhz
22
vulnerability VCID-vvej-1fex-kqdn
23
vulnerability VCID-wcsx-j8xk-r7c7
24
vulnerability VCID-x12b-mjr9-sba2
25
vulnerability VCID-x6d2-n97u-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.13
aliases CVE-2021-32470, GHSA-h2rj-8wgg-mm43
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-118v-keeb-f7a6
1
url VCID-3asf-kngu-ybf6
vulnerability_id VCID-3asf-kngu-ybf6
summary Improper account password reset in Craft CMS
references
0
reference_url http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/166989/Craft-CMS-3.7.36-Password-Reset-Poisoning-Attack.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29933
reference_id
reference_type
scores
0
value 0.02319
scoring_system epss
scoring_elements 0.85141
published_at 2026-06-11T12:55:00Z
1
value 0.02319
scoring_system epss
scoring_elements 0.85193
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29933
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md
reference_id
reference_type
scores
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md
3
reference_url https://sec-consult.com/vulnerability-lab
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/vulnerability-lab
4
reference_url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms
5
reference_url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/
reference_id
reference_type
scores
url https://sec-consult.com/vulnerability-lab/advisory/password-reset-poisoning-attack-craft-cms/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29933
reference_id CVE-2022-29933
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29933
7
reference_url https://github.com/advisories/GHSA-5cjr-78cq-3wrg
reference_id GHSA-5cjr-78cq-3wrg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cjr-78cq-3wrg
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.36
purl pkg:composer/craftcms/cms@3.7.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3asf-kngu-ybf6
1
vulnerability VCID-543c-646v-4yfj
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8m8v-ymqs-fkh9
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-grmm-88sf-wyd4
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-htqk-ckr5-jbcu
16
vulnerability VCID-mhqg-hey8-6bee
17
vulnerability VCID-t37k-f7k1-gyhz
18
vulnerability VCID-vvej-1fex-kqdn
19
vulnerability VCID-wcsx-j8xk-r7c7
20
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.36
1
url pkg:composer/craftcms/cms@3.7.37
purl pkg:composer/craftcms/cms@3.7.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-543c-646v-4yfj
1
vulnerability VCID-8kdh-rvh3-4yfv
2
vulnerability VCID-8m8v-ymqs-fkh9
3
vulnerability VCID-9fqv-dg3y-wbbf
4
vulnerability VCID-9yny-vu36-tyes
5
vulnerability VCID-a9bc-cgqq-jkfh
6
vulnerability VCID-ad7v-5hxr-s3a4
7
vulnerability VCID-aujg-14fc-1qeb
8
vulnerability VCID-cneu-aazx-byfq
9
vulnerability VCID-czuy-m8wp-fka2
10
vulnerability VCID-e4ep-2ng5-1kbm
11
vulnerability VCID-fs3m-av1v-fuf1
12
vulnerability VCID-grmm-88sf-wyd4
13
vulnerability VCID-hh13-6e1x-p7ez
14
vulnerability VCID-htqk-ckr5-jbcu
15
vulnerability VCID-mhqg-hey8-6bee
16
vulnerability VCID-t37k-f7k1-gyhz
17
vulnerability VCID-vvej-1fex-kqdn
18
vulnerability VCID-wcsx-j8xk-r7c7
19
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.37
aliases CVE-2022-29933, GHSA-5cjr-78cq-3wrg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3asf-kngu-ybf6
2
url VCID-8qus-7xen-hubb
vulnerability_id VCID-8qus-7xen-hubb
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
reference_id
reference_type
scores
0
value 0.94276
scoring_system epss
scoring_elements 0.99941
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
1
reference_url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
2
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
3
reference_url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
5
reference_url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
7
reference_url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
reference_id GHSA-6q4j-8pjm-5mgc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
fixed_packages
0
url pkg:composer/craftcms/cms@3.3.0
purl pkg:composer/craftcms/cms@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-9fqv-dg3y-wbbf
4
vulnerability VCID-9yny-vu36-tyes
5
vulnerability VCID-a9bc-cgqq-jkfh
6
vulnerability VCID-ad7v-5hxr-s3a4
7
vulnerability VCID-aujg-14fc-1qeb
8
vulnerability VCID-cneu-aazx-byfq
9
vulnerability VCID-czuy-m8wp-fka2
10
vulnerability VCID-e4ep-2ng5-1kbm
11
vulnerability VCID-fs3m-av1v-fuf1
12
vulnerability VCID-g7s1-n3qt-b3au
13
vulnerability VCID-hh13-6e1x-p7ez
14
vulnerability VCID-jwj3-be5u-cfa6
15
vulnerability VCID-k8na-x3nm-hkav
16
vulnerability VCID-mhqg-hey8-6bee
17
vulnerability VCID-nfvy-nma3-6qbp
18
vulnerability VCID-pdt2-ckb1-z3a8
19
vulnerability VCID-sdtn-nzaq-e3cb
20
vulnerability VCID-t37k-f7k1-gyhz
21
vulnerability VCID-vvej-1fex-kqdn
22
vulnerability VCID-wcsx-j8xk-r7c7
23
vulnerability VCID-x12b-mjr9-sba2
24
vulnerability VCID-x6d2-n97u-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0
aliases CVE-2020-9757, GHSA-6q4j-8pjm-5mgc
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qus-7xen-hubb
3
url VCID-9yny-vu36-tyes
vulnerability_id VCID-9yny-vu36-tyes
summary Craft CMS through 4.4.9 is vulnerable to HTML Injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33495
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37962
published_at 2026-06-12T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37785
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33495
1
reference_url https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33495
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33495
3
reference_url https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
reference_id 03-Testing_for_HTML_Injection
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/
url https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
4
reference_url https://github.com/advisories/GHSA-m3v5-gjj9-rg24
reference_id GHSA-m3v5-gjj9-rg24
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3v5-gjj9-rg24
5
reference_url https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
reference_id html-injection-in-craft-cms-application-e2b28f746212
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:12:01Z/
url https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.10
purl pkg:composer/craftcms/cms@4.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-25ym-rhky-wbaq
3
vulnerability VCID-543c-646v-4yfj
4
vulnerability VCID-5qkr-aqmx-8qau
5
vulnerability VCID-5r6n-351z-2ybh
6
vulnerability VCID-726q-jfsa-9qdz
7
vulnerability VCID-76k8-sveq-3qbf
8
vulnerability VCID-8kdh-rvh3-4yfv
9
vulnerability VCID-8m8v-ymqs-fkh9
10
vulnerability VCID-8rkv-wfha-n7hb
11
vulnerability VCID-a9bc-cgqq-jkfh
12
vulnerability VCID-b25s-j3du-sfg5
13
vulnerability VCID-bn85-sts4-5ygq
14
vulnerability VCID-br1f-q8nk-v7b3
15
vulnerability VCID-c38g-6ttm-yuep
16
vulnerability VCID-czuy-m8wp-fka2
17
vulnerability VCID-e3k3-fp6t-kycw
18
vulnerability VCID-e9qn-ar3q-g3e4
19
vulnerability VCID-eypa-1c6q-tfau
20
vulnerability VCID-fs3m-av1v-fuf1
21
vulnerability VCID-g637-7ns6-kyhj
22
vulnerability VCID-gjvb-ht1w-s3hm
23
vulnerability VCID-gp2d-vv3n-euda
24
vulnerability VCID-grmm-88sf-wyd4
25
vulnerability VCID-hh13-6e1x-p7ez
26
vulnerability VCID-htqk-ckr5-jbcu
27
vulnerability VCID-j1d4-j44f-yqh9
28
vulnerability VCID-j6wk-k1jb-jfd5
29
vulnerability VCID-j8qq-yre6-4bfx
30
vulnerability VCID-kb3b-8hqt-nqfj
31
vulnerability VCID-mhqg-hey8-6bee
32
vulnerability VCID-nep2-e16y-9yg4
33
vulnerability VCID-nhab-uyen-ayhq
34
vulnerability VCID-p8kk-e27s-n7cs
35
vulnerability VCID-pfwt-hxpb-4ub8
36
vulnerability VCID-py3b-5ps7-7fe3
37
vulnerability VCID-qmcc-3ued-m7gk
38
vulnerability VCID-qrmg-jky7-87cb
39
vulnerability VCID-r47n-36pn-cbe4
40
vulnerability VCID-rezz-ka5s-hyg2
41
vulnerability VCID-smdx-nfbs-2qbx
42
vulnerability VCID-tfc8-rkdd-53f7
43
vulnerability VCID-vrpf-parp-7kgr
44
vulnerability VCID-wcsx-j8xk-r7c7
45
vulnerability VCID-wnr9-2wyr-wug4
46
vulnerability VCID-x12b-mjr9-sba2
47
vulnerability VCID-x1w2-ytck-17bn
48
vulnerability VCID-y2ya-ys74-vqbv
49
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.10
aliases CVE-2023-33495, GHSA-m3v5-gjj9-rg24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9yny-vu36-tyes
4
url VCID-ad7v-5hxr-s3a4
vulnerability_id VCID-ad7v-5hxr-s3a4
summary Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33197
reference_id
reference_type
scores
0
value 0.00848
scoring_system epss
scoring_elements 0.75298
published_at 2026-06-11T12:55:00Z
1
value 0.00848
scoring_system epss
scoring_elements 0.75368
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33197
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33197
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33197
2
reference_url https://github.com/craftcms/cms/releases/tag/4.4.6
reference_id 4.4.6
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/
url https://github.com/craftcms/cms/releases/tag/4.4.6
3
reference_url https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766
reference_id 8c2ad0bd313015b8ee42326af2848ee748f1d766
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/
url https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766
4
reference_url https://github.com/advisories/GHSA-6qjx-787v-6pxr
reference_id GHSA-6qjx-787v-6pxr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qjx-787v-6pxr
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr
reference_id GHSA-6qjx-787v-6pxr
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:32:08Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.6
purl pkg:composer/craftcms/cms@4.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-25ym-rhky-wbaq
3
vulnerability VCID-543c-646v-4yfj
4
vulnerability VCID-5qkr-aqmx-8qau
5
vulnerability VCID-5r6n-351z-2ybh
6
vulnerability VCID-726q-jfsa-9qdz
7
vulnerability VCID-76k8-sveq-3qbf
8
vulnerability VCID-8kdh-rvh3-4yfv
9
vulnerability VCID-8m8v-ymqs-fkh9
10
vulnerability VCID-8rkv-wfha-n7hb
11
vulnerability VCID-9krv-seyq-juez
12
vulnerability VCID-9yny-vu36-tyes
13
vulnerability VCID-a9bc-cgqq-jkfh
14
vulnerability VCID-b25s-j3du-sfg5
15
vulnerability VCID-bn85-sts4-5ygq
16
vulnerability VCID-br1f-q8nk-v7b3
17
vulnerability VCID-c38g-6ttm-yuep
18
vulnerability VCID-czuy-m8wp-fka2
19
vulnerability VCID-e3k3-fp6t-kycw
20
vulnerability VCID-e9qn-ar3q-g3e4
21
vulnerability VCID-eypa-1c6q-tfau
22
vulnerability VCID-fs3m-av1v-fuf1
23
vulnerability VCID-g637-7ns6-kyhj
24
vulnerability VCID-gjvb-ht1w-s3hm
25
vulnerability VCID-gp2d-vv3n-euda
26
vulnerability VCID-grmm-88sf-wyd4
27
vulnerability VCID-hh13-6e1x-p7ez
28
vulnerability VCID-htqk-ckr5-jbcu
29
vulnerability VCID-j1d4-j44f-yqh9
30
vulnerability VCID-j6wk-k1jb-jfd5
31
vulnerability VCID-j8qq-yre6-4bfx
32
vulnerability VCID-kb3b-8hqt-nqfj
33
vulnerability VCID-mhqg-hey8-6bee
34
vulnerability VCID-nep2-e16y-9yg4
35
vulnerability VCID-nhab-uyen-ayhq
36
vulnerability VCID-p8kk-e27s-n7cs
37
vulnerability VCID-pfwt-hxpb-4ub8
38
vulnerability VCID-py3b-5ps7-7fe3
39
vulnerability VCID-qmcc-3ued-m7gk
40
vulnerability VCID-qrmg-jky7-87cb
41
vulnerability VCID-r47n-36pn-cbe4
42
vulnerability VCID-rezz-ka5s-hyg2
43
vulnerability VCID-smdx-nfbs-2qbx
44
vulnerability VCID-tfc8-rkdd-53f7
45
vulnerability VCID-vrpf-parp-7kgr
46
vulnerability VCID-wcsx-j8xk-r7c7
47
vulnerability VCID-wnr9-2wyr-wug4
48
vulnerability VCID-x12b-mjr9-sba2
49
vulnerability VCID-x1w2-ytck-17bn
50
vulnerability VCID-y2ya-ys74-vqbv
51
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.6
aliases CVE-2023-33197, GHSA-6qjx-787v-6pxr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad7v-5hxr-s3a4
5
url VCID-aujg-14fc-1qeb
vulnerability_id VCID-aujg-14fc-1qeb
summary CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30177
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.57073
published_at 2026-06-12T12:55:00Z
1
value 0.00338
scoring_system epss
scoring_elements 0.56954
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30177
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30177
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30177
2
reference_url https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e
reference_id 00fb253d5318e10204433e5d93934108e574005e
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T17:24:49Z/
url https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e
3
reference_url https://github.com/advisories/GHSA-wv7j-rc2q-9j67
reference_id GHSA-wv7j-rc2q-9j67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wv7j-rc2q-9j67
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.68
purl pkg:composer/craftcms/cms@3.7.68
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-543c-646v-4yfj
1
vulnerability VCID-8kdh-rvh3-4yfv
2
vulnerability VCID-8m8v-ymqs-fkh9
3
vulnerability VCID-9fqv-dg3y-wbbf
4
vulnerability VCID-9yny-vu36-tyes
5
vulnerability VCID-a9bc-cgqq-jkfh
6
vulnerability VCID-ad7v-5hxr-s3a4
7
vulnerability VCID-cneu-aazx-byfq
8
vulnerability VCID-czuy-m8wp-fka2
9
vulnerability VCID-e4ep-2ng5-1kbm
10
vulnerability VCID-fs3m-av1v-fuf1
11
vulnerability VCID-grmm-88sf-wyd4
12
vulnerability VCID-hh13-6e1x-p7ez
13
vulnerability VCID-htqk-ckr5-jbcu
14
vulnerability VCID-mhqg-hey8-6bee
15
vulnerability VCID-vvej-1fex-kqdn
16
vulnerability VCID-wcsx-j8xk-r7c7
17
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.68
aliases CVE-2023-30177, GHSA-wv7j-rc2q-9j67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aujg-14fc-1qeb
6
url VCID-cneu-aazx-byfq
vulnerability_id VCID-cneu-aazx-byfq
summary CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30179
reference_id
reference_type
scores
0
value 0.05499
scoring_system epss
scoring_elements 0.90431
published_at 2026-06-11T12:55:00Z
1
value 0.05499
scoring_system epss
scoring_elements 0.90462
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30179
1
reference_url https://github.com/github/advisory-database/pull/2443
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2443
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30179
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30179
3
reference_url https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714
reference_id 2443#issuecomment-1610040714
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714
4
reference_url https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200
reference_id 2443#issuecomment-1610634200
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200
5
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14
reference_id CHANGELOG.md#442---2023-03-14
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14
6
reference_url https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection
reference_id cve-2023-30179-server-side-template-injection
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T20:04:19Z/
url https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection
7
reference_url https://github.com/advisories/GHSA-3x74-v64j-qc3f
reference_id GHSA-3x74-v64j-qc3f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x74-v64j-qc3f
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.2
purl pkg:composer/craftcms/cms@4.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-25ym-rhky-wbaq
3
vulnerability VCID-543c-646v-4yfj
4
vulnerability VCID-5qkr-aqmx-8qau
5
vulnerability VCID-5r6n-351z-2ybh
6
vulnerability VCID-726q-jfsa-9qdz
7
vulnerability VCID-76k8-sveq-3qbf
8
vulnerability VCID-8kdh-rvh3-4yfv
9
vulnerability VCID-8m8v-ymqs-fkh9
10
vulnerability VCID-8rkv-wfha-n7hb
11
vulnerability VCID-9fqv-dg3y-wbbf
12
vulnerability VCID-9krv-seyq-juez
13
vulnerability VCID-9yny-vu36-tyes
14
vulnerability VCID-a9bc-cgqq-jkfh
15
vulnerability VCID-ad7v-5hxr-s3a4
16
vulnerability VCID-b25s-j3du-sfg5
17
vulnerability VCID-bn85-sts4-5ygq
18
vulnerability VCID-br1f-q8nk-v7b3
19
vulnerability VCID-c38g-6ttm-yuep
20
vulnerability VCID-czuy-m8wp-fka2
21
vulnerability VCID-e3k3-fp6t-kycw
22
vulnerability VCID-e9qn-ar3q-g3e4
23
vulnerability VCID-eypa-1c6q-tfau
24
vulnerability VCID-fs3m-av1v-fuf1
25
vulnerability VCID-g637-7ns6-kyhj
26
vulnerability VCID-gjvb-ht1w-s3hm
27
vulnerability VCID-gp2d-vv3n-euda
28
vulnerability VCID-grmm-88sf-wyd4
29
vulnerability VCID-h3za-7cd7-vkav
30
vulnerability VCID-hh13-6e1x-p7ez
31
vulnerability VCID-htqk-ckr5-jbcu
32
vulnerability VCID-j1d4-j44f-yqh9
33
vulnerability VCID-j6wk-k1jb-jfd5
34
vulnerability VCID-j8qq-yre6-4bfx
35
vulnerability VCID-kb3b-8hqt-nqfj
36
vulnerability VCID-mhqg-hey8-6bee
37
vulnerability VCID-nep2-e16y-9yg4
38
vulnerability VCID-nhab-uyen-ayhq
39
vulnerability VCID-p8kk-e27s-n7cs
40
vulnerability VCID-pfwt-hxpb-4ub8
41
vulnerability VCID-py3b-5ps7-7fe3
42
vulnerability VCID-qmcc-3ued-m7gk
43
vulnerability VCID-qrmg-jky7-87cb
44
vulnerability VCID-r47n-36pn-cbe4
45
vulnerability VCID-rezz-ka5s-hyg2
46
vulnerability VCID-smdx-nfbs-2qbx
47
vulnerability VCID-tf8p-xrne-8qfg
48
vulnerability VCID-tfc8-rkdd-53f7
49
vulnerability VCID-vrpf-parp-7kgr
50
vulnerability VCID-vvej-1fex-kqdn
51
vulnerability VCID-wcsx-j8xk-r7c7
52
vulnerability VCID-wnr9-2wyr-wug4
53
vulnerability VCID-x12b-mjr9-sba2
54
vulnerability VCID-x1w2-ytck-17bn
55
vulnerability VCID-y2ya-ys74-vqbv
56
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.2
aliases CVE-2023-30179, GHSA-3x74-v64j-qc3f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cneu-aazx-byfq
7
url VCID-e4ep-2ng5-1kbm
vulnerability_id VCID-e4ep-2ng5-1kbm
summary An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30130
reference_id
reference_type
scores
0
value 0.07135
scoring_system epss
scoring_elements 0.91742
published_at 2026-06-11T12:55:00Z
1
value 0.07135
scoring_system epss
scoring_elements 0.91771
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30130
1
reference_url https://craftcms.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://craftcms.com
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30130
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30130
3
reference_url https://craftcms.com/
reference_id craftcms.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/
url https://craftcms.com/
4
reference_url https://github.com/advisories/GHSA-fjx5-xm7q-whvj
reference_id GHSA-fjx5-xm7q-whvj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjx5-xm7q-whvj
5
reference_url https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1
reference_id server-site-template-injection-on-craftcms-3.8.1
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T16:00:57Z/
url https://tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1
fixed_packages
0
url pkg:composer/craftcms/cms@3.8.2
purl pkg:composer/craftcms/cms@3.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-543c-646v-4yfj
1
vulnerability VCID-8kdh-rvh3-4yfv
2
vulnerability VCID-8m8v-ymqs-fkh9
3
vulnerability VCID-9fqv-dg3y-wbbf
4
vulnerability VCID-9yny-vu36-tyes
5
vulnerability VCID-a9bc-cgqq-jkfh
6
vulnerability VCID-ad7v-5hxr-s3a4
7
vulnerability VCID-cneu-aazx-byfq
8
vulnerability VCID-czuy-m8wp-fka2
9
vulnerability VCID-fs3m-av1v-fuf1
10
vulnerability VCID-grmm-88sf-wyd4
11
vulnerability VCID-hh13-6e1x-p7ez
12
vulnerability VCID-htqk-ckr5-jbcu
13
vulnerability VCID-mhqg-hey8-6bee
14
vulnerability VCID-vvej-1fex-kqdn
15
vulnerability VCID-wcsx-j8xk-r7c7
16
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.2
aliases CVE-2023-30130, GHSA-fjx5-xm7q-whvj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ep-2ng5-1kbm
8
url VCID-fs3m-av1v-fuf1
vulnerability_id VCID-fs3m-av1v-fuf1
summary Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-35939
reference_id
reference_type
scores
0
value 0.39398
scoring_system epss
scoring_elements 0.9739
published_at 2026-06-11T12:55:00Z
1
value 0.39398
scoring_system epss
scoring_elements 0.97398
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-35939
1
reference_url https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-35939
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-35939
3
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939
4
reference_url https://github.com/craftcms/cms/pull/17220
reference_id 17220
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://github.com/craftcms/cms/pull/17220
5
reference_url https://github.com/craftcms/cms/releases/tag/4.15.3
reference_id 4.15.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://github.com/craftcms/cms/releases/tag/4.15.3
6
reference_url https://github.com/craftcms/cms/releases/tag/5.7.5
reference_id 5.7.5
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://github.com/craftcms/cms/releases/tag/5.7.5
7
reference_url https://www.cve.org/CVERecord?id=CVE-2025-35939
reference_id CVERecord?id=CVE-2025-35939
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
url https://www.cve.org/CVERecord?id=CVE-2025-35939
8
reference_url https://github.com/advisories/GHSA-7vrx-9684-xrf2
reference_id GHSA-7vrx-9684-xrf2
reference_type
scores
url https://github.com/advisories/GHSA-7vrx-9684-xrf2
9
reference_url https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json
reference_id va-25-147-01.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/
6
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/
url https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json
fixed_packages
0
url pkg:composer/craftcms/cms@4.15.3
purl pkg:composer/craftcms/cms@4.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-1c7e-bv58-33ax
3
vulnerability VCID-25ym-rhky-wbaq
4
vulnerability VCID-543c-646v-4yfj
5
vulnerability VCID-5qkr-aqmx-8qau
6
vulnerability VCID-5r6n-351z-2ybh
7
vulnerability VCID-726q-jfsa-9qdz
8
vulnerability VCID-76k8-sveq-3qbf
9
vulnerability VCID-7mph-yq7h-5yb8
10
vulnerability VCID-8kdh-rvh3-4yfv
11
vulnerability VCID-8m8v-ymqs-fkh9
12
vulnerability VCID-8rkv-wfha-n7hb
13
vulnerability VCID-9yzy-78sh-xydu
14
vulnerability VCID-b25s-j3du-sfg5
15
vulnerability VCID-bn85-sts4-5ygq
16
vulnerability VCID-br1f-q8nk-v7b3
17
vulnerability VCID-bsh8-7q16-t7e4
18
vulnerability VCID-e3k3-fp6t-kycw
19
vulnerability VCID-e9qn-ar3q-g3e4
20
vulnerability VCID-f67g-n9d6-pkb5
21
vulnerability VCID-g637-7ns6-kyhj
22
vulnerability VCID-gp2d-vv3n-euda
23
vulnerability VCID-grmm-88sf-wyd4
24
vulnerability VCID-j1d4-j44f-yqh9
25
vulnerability VCID-j6wk-k1jb-jfd5
26
vulnerability VCID-j8qq-yre6-4bfx
27
vulnerability VCID-nep2-e16y-9yg4
28
vulnerability VCID-nhab-uyen-ayhq
29
vulnerability VCID-p8kk-e27s-n7cs
30
vulnerability VCID-py3b-5ps7-7fe3
31
vulnerability VCID-qmcc-3ued-m7gk
32
vulnerability VCID-qrmg-jky7-87cb
33
vulnerability VCID-r47n-36pn-cbe4
34
vulnerability VCID-rezz-ka5s-hyg2
35
vulnerability VCID-smdx-nfbs-2qbx
36
vulnerability VCID-tfc8-rkdd-53f7
37
vulnerability VCID-vrpf-parp-7kgr
38
vulnerability VCID-wnr9-2wyr-wug4
39
vulnerability VCID-x1w2-ytck-17bn
40
vulnerability VCID-y2ya-ys74-vqbv
41
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.15.3
1
url pkg:composer/craftcms/cms@5.7.5
purl pkg:composer/craftcms/cms@5.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-1c7e-bv58-33ax
3
vulnerability VCID-25ym-rhky-wbaq
4
vulnerability VCID-543c-646v-4yfj
5
vulnerability VCID-5qkr-aqmx-8qau
6
vulnerability VCID-5r6n-351z-2ybh
7
vulnerability VCID-6bwp-2ksu-xucy
8
vulnerability VCID-726q-jfsa-9qdz
9
vulnerability VCID-76k8-sveq-3qbf
10
vulnerability VCID-7mph-yq7h-5yb8
11
vulnerability VCID-8kdh-rvh3-4yfv
12
vulnerability VCID-8m8v-ymqs-fkh9
13
vulnerability VCID-8rkv-wfha-n7hb
14
vulnerability VCID-9yzy-78sh-xydu
15
vulnerability VCID-b25s-j3du-sfg5
16
vulnerability VCID-bn85-sts4-5ygq
17
vulnerability VCID-bsh8-7q16-t7e4
18
vulnerability VCID-e3k3-fp6t-kycw
19
vulnerability VCID-e9qn-ar3q-g3e4
20
vulnerability VCID-f67g-n9d6-pkb5
21
vulnerability VCID-g637-7ns6-kyhj
22
vulnerability VCID-gp2d-vv3n-euda
23
vulnerability VCID-grmm-88sf-wyd4
24
vulnerability VCID-h9fr-63qv-bffn
25
vulnerability VCID-j1d4-j44f-yqh9
26
vulnerability VCID-j6wk-k1jb-jfd5
27
vulnerability VCID-j8qq-yre6-4bfx
28
vulnerability VCID-nep2-e16y-9yg4
29
vulnerability VCID-nhab-uyen-ayhq
30
vulnerability VCID-p8kk-e27s-n7cs
31
vulnerability VCID-py3b-5ps7-7fe3
32
vulnerability VCID-qmcc-3ued-m7gk
33
vulnerability VCID-qr5e-wjjt-zudz
34
vulnerability VCID-qrmg-jky7-87cb
35
vulnerability VCID-r47n-36pn-cbe4
36
vulnerability VCID-rezz-ka5s-hyg2
37
vulnerability VCID-smdx-nfbs-2qbx
38
vulnerability VCID-sswc-d2f8-zyc9
39
vulnerability VCID-tfc8-rkdd-53f7
40
vulnerability VCID-tte6-fheg-g7hg
41
vulnerability VCID-up4q-hz23-vkcn
42
vulnerability VCID-uxc7-pe63-2khp
43
vulnerability VCID-vj1t-r17b-rufc
44
vulnerability VCID-vrpf-parp-7kgr
45
vulnerability VCID-wnr9-2wyr-wug4
46
vulnerability VCID-x1w2-ytck-17bn
47
vulnerability VCID-y2ya-ys74-vqbv
48
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5
aliases CVE-2025-35939, GHSA-7vrx-9684-xrf2
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fs3m-av1v-fuf1
9
url VCID-g7s1-n3qt-b3au
vulnerability_id VCID-g7s1-n3qt-b3au
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27903
reference_id
reference_type
scores
0
value 0.03824
scoring_system epss
scoring_elements 0.88398
published_at 2026-06-11T12:55:00Z
1
value 0.03824
scoring_system epss
scoring_elements 0.88437
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27903
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
3
reference_url https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27903
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27903
5
reference_url https://github.com/advisories/GHSA-x2j7-6hxm-87p3
reference_id GHSA-x2j7-6hxm-87p3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2j7-6hxm-87p3
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.7
purl pkg:composer/craftcms/cms@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-543c-646v-4yfj
3
vulnerability VCID-8kdh-rvh3-4yfv
4
vulnerability VCID-8m8v-ymqs-fkh9
5
vulnerability VCID-9fqv-dg3y-wbbf
6
vulnerability VCID-9wmc-pstb-ykfq
7
vulnerability VCID-9yny-vu36-tyes
8
vulnerability VCID-a9bc-cgqq-jkfh
9
vulnerability VCID-ad7v-5hxr-s3a4
10
vulnerability VCID-aujg-14fc-1qeb
11
vulnerability VCID-cneu-aazx-byfq
12
vulnerability VCID-czuy-m8wp-fka2
13
vulnerability VCID-e4ep-2ng5-1kbm
14
vulnerability VCID-fs3m-av1v-fuf1
15
vulnerability VCID-grmm-88sf-wyd4
16
vulnerability VCID-hh13-6e1x-p7ez
17
vulnerability VCID-htqk-ckr5-jbcu
18
vulnerability VCID-jwj3-be5u-cfa6
19
vulnerability VCID-k8na-x3nm-hkav
20
vulnerability VCID-mhqg-hey8-6bee
21
vulnerability VCID-sdtn-nzaq-e3cb
22
vulnerability VCID-t37k-f7k1-gyhz
23
vulnerability VCID-vvej-1fex-kqdn
24
vulnerability VCID-wcsx-j8xk-r7c7
25
vulnerability VCID-x12b-mjr9-sba2
26
vulnerability VCID-x6d2-n97u-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.7
aliases CVE-2021-27903, GHSA-x2j7-6hxm-87p3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7s1-n3qt-b3au
10
url VCID-hh13-6e1x-p7ez
vulnerability_id VCID-hh13-6e1x-p7ez
summary A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2817
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56903
published_at 2026-06-11T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.57024
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2817
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2817
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2817
2
reference_url https://www.tenable.com/security/research/tra-2023-20
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/research/tra-2023-20
3
reference_url https://www.tenable.com/security/research/tra-2023-20,
reference_id
reference_type
scores
url https://www.tenable.com/security/research/tra-2023-20,
4
reference_url https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb
reference_id 7655e1009ba6cdbfb230e6bb138b775b69fc7bcb
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/
url https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb
5
reference_url https://github.com/advisories/GHSA-7x94-jx75-3gh6
reference_id GHSA-7x94-jx75-3gh6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7x94-jx75-3gh6
6
reference_url https://www.tenable.com/security/research/tra-2023-20%2C
reference_id tra-2023-20%2C
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:47:46Z/
url https://www.tenable.com/security/research/tra-2023-20%2C
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.12
purl pkg:composer/craftcms/cms@4.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-25ym-rhky-wbaq
3
vulnerability VCID-543c-646v-4yfj
4
vulnerability VCID-5qkr-aqmx-8qau
5
vulnerability VCID-5r6n-351z-2ybh
6
vulnerability VCID-726q-jfsa-9qdz
7
vulnerability VCID-76k8-sveq-3qbf
8
vulnerability VCID-8kdh-rvh3-4yfv
9
vulnerability VCID-8m8v-ymqs-fkh9
10
vulnerability VCID-8rkv-wfha-n7hb
11
vulnerability VCID-a9bc-cgqq-jkfh
12
vulnerability VCID-b25s-j3du-sfg5
13
vulnerability VCID-bn85-sts4-5ygq
14
vulnerability VCID-br1f-q8nk-v7b3
15
vulnerability VCID-c38g-6ttm-yuep
16
vulnerability VCID-czuy-m8wp-fka2
17
vulnerability VCID-e3k3-fp6t-kycw
18
vulnerability VCID-e9qn-ar3q-g3e4
19
vulnerability VCID-eypa-1c6q-tfau
20
vulnerability VCID-fs3m-av1v-fuf1
21
vulnerability VCID-g637-7ns6-kyhj
22
vulnerability VCID-gjvb-ht1w-s3hm
23
vulnerability VCID-gp2d-vv3n-euda
24
vulnerability VCID-grmm-88sf-wyd4
25
vulnerability VCID-htqk-ckr5-jbcu
26
vulnerability VCID-j1d4-j44f-yqh9
27
vulnerability VCID-j6wk-k1jb-jfd5
28
vulnerability VCID-j8qq-yre6-4bfx
29
vulnerability VCID-kb3b-8hqt-nqfj
30
vulnerability VCID-mhqg-hey8-6bee
31
vulnerability VCID-nep2-e16y-9yg4
32
vulnerability VCID-nhab-uyen-ayhq
33
vulnerability VCID-p8kk-e27s-n7cs
34
vulnerability VCID-pfwt-hxpb-4ub8
35
vulnerability VCID-py3b-5ps7-7fe3
36
vulnerability VCID-qmcc-3ued-m7gk
37
vulnerability VCID-qrmg-jky7-87cb
38
vulnerability VCID-r47n-36pn-cbe4
39
vulnerability VCID-rezz-ka5s-hyg2
40
vulnerability VCID-smdx-nfbs-2qbx
41
vulnerability VCID-tfc8-rkdd-53f7
42
vulnerability VCID-vrpf-parp-7kgr
43
vulnerability VCID-wcsx-j8xk-r7c7
44
vulnerability VCID-wnr9-2wyr-wug4
45
vulnerability VCID-x12b-mjr9-sba2
46
vulnerability VCID-x1w2-ytck-17bn
47
vulnerability VCID-y2ya-ys74-vqbv
48
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.12
aliases CVE-2023-2817, GHSA-7x94-jx75-3gh6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh13-6e1x-p7ez
11
url VCID-k8na-x3nm-hkav
vulnerability_id VCID-k8na-x3nm-hkav
summary Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37843
reference_id
reference_type
scores
0
value 0.89433
scoring_system epss
scoring_elements 0.99568
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37843
1
reference_url https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
reference_id craft-cms-unauthenticated-sqli-via-graphql
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-12T22:53:54Z/
url https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37843
reference_id CVE-2024-37843
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37843
3
reference_url https://github.com/advisories/GHSA-hq4f-mv3q-8wcv
reference_id GHSA-hq4f-mv3q-8wcv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq4f-mv3q-8wcv
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.32
purl pkg:composer/craftcms/cms@3.7.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3asf-kngu-ybf6
1
vulnerability VCID-543c-646v-4yfj
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8m8v-ymqs-fkh9
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-grmm-88sf-wyd4
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-htqk-ckr5-jbcu
16
vulnerability VCID-jwj3-be5u-cfa6
17
vulnerability VCID-mhqg-hey8-6bee
18
vulnerability VCID-t37k-f7k1-gyhz
19
vulnerability VCID-vvej-1fex-kqdn
20
vulnerability VCID-wcsx-j8xk-r7c7
21
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.32
aliases CVE-2024-37843, GHSA-hq4f-mv3q-8wcv
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8na-x3nm-hkav
12
url VCID-k9fu-3c3w-eubw
vulnerability_id VCID-k9fu-3c3w-eubw
summary Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36259
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.25249
published_at 2026-06-12T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.25051
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36259
1
reference_url https://github.com/sjelfull/craft-audit
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sjelfull/craft-audit
2
reference_url https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
3
reference_url https://github.com/sjelfull/craft-audit/pull/73
reference_id 73
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:02Z/
url https://github.com/sjelfull/craft-audit/pull/73
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36259
reference_id CVE-2023-36259
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36259
5
reference_url https://github.com/advisories/GHSA-v89q-c273-3p42
reference_id GHSA-v89q-c273-3p42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v89q-c273-3p42
6
reference_url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
reference_id ?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:02Z/
url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
fixed_packages
0
url pkg:composer/craftcms/cms@3.0.2
purl pkg:composer/craftcms/cms@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8qus-7xen-hubb
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-g7s1-n3qt-b3au
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-jwj3-be5u-cfa6
16
vulnerability VCID-k8na-x3nm-hkav
17
vulnerability VCID-mhqg-hey8-6bee
18
vulnerability VCID-nfvy-nma3-6qbp
19
vulnerability VCID-njef-qb7s-cub8
20
vulnerability VCID-pdt2-ckb1-z3a8
21
vulnerability VCID-sdtn-nzaq-e3cb
22
vulnerability VCID-t37k-f7k1-gyhz
23
vulnerability VCID-vvej-1fex-kqdn
24
vulnerability VCID-wcsx-j8xk-r7c7
25
vulnerability VCID-wjjk-6bpu-7qd8
26
vulnerability VCID-x12b-mjr9-sba2
27
vulnerability VCID-x6d2-n97u-8ke1
28
vulnerability VCID-xk93-69dj-9ufm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.2
aliases CVE-2023-36259, GHSA-v89q-c273-3p42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9fu-3c3w-eubw
13
url VCID-mhqg-hey8-6bee
vulnerability_id VCID-mhqg-hey8-6bee
summary An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36260
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.59112
published_at 2026-06-12T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.59001
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36260
1
reference_url https://github.com/craftcms/feed-me
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/feed-me
2
reference_url https://github.com/craftcms/feed-me/releases/tag/4.6.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/feed-me/releases/tag/4.6.2
3
reference_url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28
reference_id b5d6ede51848349bd91bc95fec288b6793f15e28
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/
url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28
4
reference_url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29
reference_id b5d6ede51848349bd91bc95fec288b6793f15e28%29
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/
url https://github.com/craftcms/feed-me/commit/b5d6ede51848349bd91bc95fec288b6793f15e28%29
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36260
reference_id CVE-2023-36260
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36260
6
reference_url https://github.com/advisories/GHSA-6p78-f7h9-6838
reference_id GHSA-6p78-f7h9-6838
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6p78-f7h9-6838
7
reference_url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
reference_id ?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-30T16:40:39Z/
url https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
fixed_packages
0
url pkg:composer/craftcms/cms@4.6.2
purl pkg:composer/craftcms/cms@4.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.6.2
1
url pkg:composer/craftcms/cms@4.7.0
purl pkg:composer/craftcms/cms@4.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-1c7e-bv58-33ax
3
vulnerability VCID-25ym-rhky-wbaq
4
vulnerability VCID-543c-646v-4yfj
5
vulnerability VCID-5qkr-aqmx-8qau
6
vulnerability VCID-5r6n-351z-2ybh
7
vulnerability VCID-726q-jfsa-9qdz
8
vulnerability VCID-76k8-sveq-3qbf
9
vulnerability VCID-7mph-yq7h-5yb8
10
vulnerability VCID-8kdh-rvh3-4yfv
11
vulnerability VCID-8m8v-ymqs-fkh9
12
vulnerability VCID-8rkv-wfha-n7hb
13
vulnerability VCID-b25s-j3du-sfg5
14
vulnerability VCID-bn85-sts4-5ygq
15
vulnerability VCID-br1f-q8nk-v7b3
16
vulnerability VCID-bsh8-7q16-t7e4
17
vulnerability VCID-c38g-6ttm-yuep
18
vulnerability VCID-czuy-m8wp-fka2
19
vulnerability VCID-e3k3-fp6t-kycw
20
vulnerability VCID-e9qn-ar3q-g3e4
21
vulnerability VCID-eypa-1c6q-tfau
22
vulnerability VCID-fs3m-av1v-fuf1
23
vulnerability VCID-g637-7ns6-kyhj
24
vulnerability VCID-gp2d-vv3n-euda
25
vulnerability VCID-grmm-88sf-wyd4
26
vulnerability VCID-htqk-ckr5-jbcu
27
vulnerability VCID-j1d4-j44f-yqh9
28
vulnerability VCID-j6wk-k1jb-jfd5
29
vulnerability VCID-j8qq-yre6-4bfx
30
vulnerability VCID-kb3b-8hqt-nqfj
31
vulnerability VCID-nep2-e16y-9yg4
32
vulnerability VCID-nhab-uyen-ayhq
33
vulnerability VCID-p8kk-e27s-n7cs
34
vulnerability VCID-pfwt-hxpb-4ub8
35
vulnerability VCID-py3b-5ps7-7fe3
36
vulnerability VCID-qmcc-3ued-m7gk
37
vulnerability VCID-qrmg-jky7-87cb
38
vulnerability VCID-r47n-36pn-cbe4
39
vulnerability VCID-rezz-ka5s-hyg2
40
vulnerability VCID-smdx-nfbs-2qbx
41
vulnerability VCID-tfc8-rkdd-53f7
42
vulnerability VCID-vrpf-parp-7kgr
43
vulnerability VCID-wnr9-2wyr-wug4
44
vulnerability VCID-x12b-mjr9-sba2
45
vulnerability VCID-x1w2-ytck-17bn
46
vulnerability VCID-y2ya-ys74-vqbv
47
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.7.0
aliases CVE-2023-36260, GHSA-6p78-f7h9-6838
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqg-hey8-6bee
14
url VCID-nfvy-nma3-6qbp
vulnerability_id VCID-nfvy-nma3-6qbp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27902
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.62334
published_at 2026-06-11T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.62435
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27902
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
3
reference_url https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27902
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27902
5
reference_url https://github.com/advisories/GHSA-3jxh-789f-p7m6
reference_id GHSA-3jxh-789f-p7m6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3jxh-789f-p7m6
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.0
purl pkg:composer/craftcms/cms@3.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-543c-646v-4yfj
3
vulnerability VCID-8kdh-rvh3-4yfv
4
vulnerability VCID-8m8v-ymqs-fkh9
5
vulnerability VCID-9fqv-dg3y-wbbf
6
vulnerability VCID-9wmc-pstb-ykfq
7
vulnerability VCID-9yny-vu36-tyes
8
vulnerability VCID-a9bc-cgqq-jkfh
9
vulnerability VCID-ad7v-5hxr-s3a4
10
vulnerability VCID-aujg-14fc-1qeb
11
vulnerability VCID-cneu-aazx-byfq
12
vulnerability VCID-czuy-m8wp-fka2
13
vulnerability VCID-e4ep-2ng5-1kbm
14
vulnerability VCID-fs3m-av1v-fuf1
15
vulnerability VCID-g7s1-n3qt-b3au
16
vulnerability VCID-grmm-88sf-wyd4
17
vulnerability VCID-hh13-6e1x-p7ez
18
vulnerability VCID-htqk-ckr5-jbcu
19
vulnerability VCID-jwj3-be5u-cfa6
20
vulnerability VCID-k8na-x3nm-hkav
21
vulnerability VCID-mhqg-hey8-6bee
22
vulnerability VCID-sdtn-nzaq-e3cb
23
vulnerability VCID-t37k-f7k1-gyhz
24
vulnerability VCID-vvej-1fex-kqdn
25
vulnerability VCID-wcsx-j8xk-r7c7
26
vulnerability VCID-x12b-mjr9-sba2
27
vulnerability VCID-x6d2-n97u-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.0
aliases CVE-2021-27902, GHSA-3jxh-789f-p7m6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfvy-nma3-6qbp
15
url VCID-njef-qb7s-cub8
vulnerability_id VCID-njef-qb7s-cub8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20465
reference_id
reference_type
scores
0
value 0.00664
scoring_system epss
scoring_elements 0.71755
published_at 2026-06-12T12:55:00Z
1
value 0.00664
scoring_system epss
scoring_elements 0.7167
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20465
1
reference_url https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
2
reference_url https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20465
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20465
4
reference_url https://github.com/advisories/GHSA-j7fx-v37j-v3w7
reference_id GHSA-j7fx-v37j-v3w7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j7fx-v37j-v3w7
fixed_packages
0
url pkg:composer/craftcms/cms@3.0.35
purl pkg:composer/craftcms/cms@3.0.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8qus-7xen-hubb
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-g7s1-n3qt-b3au
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-jwj3-be5u-cfa6
16
vulnerability VCID-k8na-x3nm-hkav
17
vulnerability VCID-mhqg-hey8-6bee
18
vulnerability VCID-nfvy-nma3-6qbp
19
vulnerability VCID-pdt2-ckb1-z3a8
20
vulnerability VCID-sdtn-nzaq-e3cb
21
vulnerability VCID-t37k-f7k1-gyhz
22
vulnerability VCID-vvej-1fex-kqdn
23
vulnerability VCID-wcsx-j8xk-r7c7
24
vulnerability VCID-wjjk-6bpu-7qd8
25
vulnerability VCID-x12b-mjr9-sba2
26
vulnerability VCID-x6d2-n97u-8ke1
27
vulnerability VCID-xk93-69dj-9ufm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.35
aliases CVE-2018-20465, GHSA-j7fx-v37j-v3w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njef-qb7s-cub8
16
url VCID-pdt2-ckb1-z3a8
vulnerability_id VCID-pdt2-ckb1-z3a8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17496
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56291
published_at 2026-06-12T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56172
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17496
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09
2
reference_url https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17496
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17496
4
reference_url https://github.com/advisories/GHSA-f3xr-q258-h7m9
reference_id GHSA-f3xr-q258-h7m9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3xr-q258-h7m9
fixed_packages
0
url pkg:composer/craftcms/cms@3.3.8
purl pkg:composer/craftcms/cms@3.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-9fqv-dg3y-wbbf
4
vulnerability VCID-9yny-vu36-tyes
5
vulnerability VCID-a9bc-cgqq-jkfh
6
vulnerability VCID-ad7v-5hxr-s3a4
7
vulnerability VCID-aujg-14fc-1qeb
8
vulnerability VCID-cneu-aazx-byfq
9
vulnerability VCID-czuy-m8wp-fka2
10
vulnerability VCID-e4ep-2ng5-1kbm
11
vulnerability VCID-fs3m-av1v-fuf1
12
vulnerability VCID-g7s1-n3qt-b3au
13
vulnerability VCID-hh13-6e1x-p7ez
14
vulnerability VCID-jwj3-be5u-cfa6
15
vulnerability VCID-k8na-x3nm-hkav
16
vulnerability VCID-mhqg-hey8-6bee
17
vulnerability VCID-nfvy-nma3-6qbp
18
vulnerability VCID-sdtn-nzaq-e3cb
19
vulnerability VCID-t37k-f7k1-gyhz
20
vulnerability VCID-vvej-1fex-kqdn
21
vulnerability VCID-wcsx-j8xk-r7c7
22
vulnerability VCID-x12b-mjr9-sba2
23
vulnerability VCID-x6d2-n97u-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.8
aliases CVE-2019-17496, GHSA-f3xr-q258-h7m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdt2-ckb1-z3a8
17
url VCID-sdtn-nzaq-e3cb
vulnerability_id VCID-sdtn-nzaq-e3cb
summary XSS Injection Vulnerability
references
0
reference_url https://github.com/advisories/GHSA-wf98-vxv9-jqfv
reference_id GHSA-wf98-vxv9-jqfv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf98-vxv9-jqfv
1
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv
reference_id GHSA-wf98-vxv9-jqfv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.29
purl pkg:composer/craftcms/cms@3.7.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3asf-kngu-ybf6
1
vulnerability VCID-543c-646v-4yfj
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8m8v-ymqs-fkh9
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-grmm-88sf-wyd4
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-htqk-ckr5-jbcu
16
vulnerability VCID-jwj3-be5u-cfa6
17
vulnerability VCID-k8na-x3nm-hkav
18
vulnerability VCID-mhqg-hey8-6bee
19
vulnerability VCID-t37k-f7k1-gyhz
20
vulnerability VCID-vvej-1fex-kqdn
21
vulnerability VCID-wcsx-j8xk-r7c7
22
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29
aliases GHSA-wf98-vxv9-jqfv, GMS-2022-790
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdtn-nzaq-e3cb
18
url VCID-t37k-f7k1-gyhz
vulnerability_id VCID-t37k-f7k1-gyhz
summary Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23927
reference_id
reference_type
scores
0
value 0.02749
scoring_system epss
scoring_elements 0.8632
published_at 2026-06-11T12:55:00Z
1
value 0.02749
scoring_system epss
scoring_elements 0.86371
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23927
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23927
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23927
2
reference_url https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4
reference_id 215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/
url https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4
3
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03
reference_id CHANGELOG.md#437---2023-02-03
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03
4
reference_url https://github.com/advisories/GHSA-qcrj-6ffc-v7hq
reference_id GHSA-qcrj-6ffc-v7hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcrj-6ffc-v7hq
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq
reference_id GHSA-qcrj-6ffc-v7hq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:35Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.64
purl pkg:composer/craftcms/cms@3.7.64
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-543c-646v-4yfj
1
vulnerability VCID-8kdh-rvh3-4yfv
2
vulnerability VCID-8m8v-ymqs-fkh9
3
vulnerability VCID-9fqv-dg3y-wbbf
4
vulnerability VCID-9yny-vu36-tyes
5
vulnerability VCID-a9bc-cgqq-jkfh
6
vulnerability VCID-ad7v-5hxr-s3a4
7
vulnerability VCID-aujg-14fc-1qeb
8
vulnerability VCID-cneu-aazx-byfq
9
vulnerability VCID-czuy-m8wp-fka2
10
vulnerability VCID-e4ep-2ng5-1kbm
11
vulnerability VCID-fs3m-av1v-fuf1
12
vulnerability VCID-grmm-88sf-wyd4
13
vulnerability VCID-hh13-6e1x-p7ez
14
vulnerability VCID-htqk-ckr5-jbcu
15
vulnerability VCID-mhqg-hey8-6bee
16
vulnerability VCID-t37k-f7k1-gyhz
17
vulnerability VCID-vvej-1fex-kqdn
18
vulnerability VCID-wcsx-j8xk-r7c7
19
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.64
1
url pkg:composer/craftcms/cms@4.3.7
purl pkg:composer/craftcms/cms@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yx-3kck-s7dp
1
vulnerability VCID-16h7-f3pe-8qh8
2
vulnerability VCID-25ym-rhky-wbaq
3
vulnerability VCID-543c-646v-4yfj
4
vulnerability VCID-5qkr-aqmx-8qau
5
vulnerability VCID-5r6n-351z-2ybh
6
vulnerability VCID-726q-jfsa-9qdz
7
vulnerability VCID-76k8-sveq-3qbf
8
vulnerability VCID-8kdh-rvh3-4yfv
9
vulnerability VCID-8m8v-ymqs-fkh9
10
vulnerability VCID-8rkv-wfha-n7hb
11
vulnerability VCID-9fqv-dg3y-wbbf
12
vulnerability VCID-9krv-seyq-juez
13
vulnerability VCID-9yny-vu36-tyes
14
vulnerability VCID-a9bc-cgqq-jkfh
15
vulnerability VCID-ad7v-5hxr-s3a4
16
vulnerability VCID-b25s-j3du-sfg5
17
vulnerability VCID-bn85-sts4-5ygq
18
vulnerability VCID-br1f-q8nk-v7b3
19
vulnerability VCID-c38g-6ttm-yuep
20
vulnerability VCID-cneu-aazx-byfq
21
vulnerability VCID-czuy-m8wp-fka2
22
vulnerability VCID-e3k3-fp6t-kycw
23
vulnerability VCID-e9qn-ar3q-g3e4
24
vulnerability VCID-eypa-1c6q-tfau
25
vulnerability VCID-fs3m-av1v-fuf1
26
vulnerability VCID-g637-7ns6-kyhj
27
vulnerability VCID-gjvb-ht1w-s3hm
28
vulnerability VCID-gp2d-vv3n-euda
29
vulnerability VCID-grmm-88sf-wyd4
30
vulnerability VCID-h3za-7cd7-vkav
31
vulnerability VCID-hh13-6e1x-p7ez
32
vulnerability VCID-htqk-ckr5-jbcu
33
vulnerability VCID-j1d4-j44f-yqh9
34
vulnerability VCID-j6wk-k1jb-jfd5
35
vulnerability VCID-j8qq-yre6-4bfx
36
vulnerability VCID-kb3b-8hqt-nqfj
37
vulnerability VCID-mhqg-hey8-6bee
38
vulnerability VCID-nep2-e16y-9yg4
39
vulnerability VCID-nhab-uyen-ayhq
40
vulnerability VCID-p8kk-e27s-n7cs
41
vulnerability VCID-pfwt-hxpb-4ub8
42
vulnerability VCID-py3b-5ps7-7fe3
43
vulnerability VCID-qmcc-3ued-m7gk
44
vulnerability VCID-qrmg-jky7-87cb
45
vulnerability VCID-r47n-36pn-cbe4
46
vulnerability VCID-rezz-ka5s-hyg2
47
vulnerability VCID-smdx-nfbs-2qbx
48
vulnerability VCID-tf8p-xrne-8qfg
49
vulnerability VCID-tfc8-rkdd-53f7
50
vulnerability VCID-vrpf-parp-7kgr
51
vulnerability VCID-vvej-1fex-kqdn
52
vulnerability VCID-wcsx-j8xk-r7c7
53
vulnerability VCID-wnr9-2wyr-wug4
54
vulnerability VCID-x12b-mjr9-sba2
55
vulnerability VCID-x1w2-ytck-17bn
56
vulnerability VCID-y2ya-ys74-vqbv
57
vulnerability VCID-yc89-41eq-b3eh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.3.7
aliases CVE-2023-23927, GHSA-qcrj-6ffc-v7hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t37k-f7k1-gyhz
19
url VCID-wjjk-6bpu-7qd8
vulnerability_id VCID-wjjk-6bpu-7qd8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15929
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.58426
published_at 2026-06-11T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58538
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15929
1
reference_url https://github.com/craftcms/cms/blob/3.1.7/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.1.7/CHANGELOG-v3.md
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-15929
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-15929
3
reference_url https://github.com/advisories/GHSA-wvr4-w6cw-4px8
reference_id GHSA-wvr4-w6cw-4px8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wvr4-w6cw-4px8
fixed_packages
0
url pkg:composer/craftcms/cms@3.1.7
purl pkg:composer/craftcms/cms@3.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8qus-7xen-hubb
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-g7s1-n3qt-b3au
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-jwj3-be5u-cfa6
16
vulnerability VCID-k8na-x3nm-hkav
17
vulnerability VCID-mhqg-hey8-6bee
18
vulnerability VCID-nfvy-nma3-6qbp
19
vulnerability VCID-pdt2-ckb1-z3a8
20
vulnerability VCID-sdtn-nzaq-e3cb
21
vulnerability VCID-t37k-f7k1-gyhz
22
vulnerability VCID-vvej-1fex-kqdn
23
vulnerability VCID-wcsx-j8xk-r7c7
24
vulnerability VCID-x12b-mjr9-sba2
25
vulnerability VCID-x6d2-n97u-8ke1
26
vulnerability VCID-xk93-69dj-9ufm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.7
aliases CVE-2019-15929, GHSA-wvr4-w6cw-4px8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjjk-6bpu-7qd8
20
url VCID-x6d2-n97u-8ke1
vulnerability_id VCID-x6d2-n97u-8ke1
summary Cross-site Scripting in craftcms/cms
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28378
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56291
published_at 2026-06-12T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56172
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28378
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18
2
reference_url https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28378
reference_id CVE-2022-28378
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28378
4
reference_url https://github.com/advisories/GHSA-7xj5-fwqr-5378
reference_id GHSA-7xj5-fwqr-5378
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xj5-fwqr-5378
fixed_packages
0
url pkg:composer/craftcms/cms@3.7.29
purl pkg:composer/craftcms/cms@3.7.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3asf-kngu-ybf6
1
vulnerability VCID-543c-646v-4yfj
2
vulnerability VCID-8kdh-rvh3-4yfv
3
vulnerability VCID-8m8v-ymqs-fkh9
4
vulnerability VCID-9fqv-dg3y-wbbf
5
vulnerability VCID-9yny-vu36-tyes
6
vulnerability VCID-a9bc-cgqq-jkfh
7
vulnerability VCID-ad7v-5hxr-s3a4
8
vulnerability VCID-aujg-14fc-1qeb
9
vulnerability VCID-cneu-aazx-byfq
10
vulnerability VCID-czuy-m8wp-fka2
11
vulnerability VCID-e4ep-2ng5-1kbm
12
vulnerability VCID-fs3m-av1v-fuf1
13
vulnerability VCID-grmm-88sf-wyd4
14
vulnerability VCID-hh13-6e1x-p7ez
15
vulnerability VCID-htqk-ckr5-jbcu
16
vulnerability VCID-jwj3-be5u-cfa6
17
vulnerability VCID-k8na-x3nm-hkav
18
vulnerability VCID-mhqg-hey8-6bee
19
vulnerability VCID-t37k-f7k1-gyhz
20
vulnerability VCID-vvej-1fex-kqdn
21
vulnerability VCID-wcsx-j8xk-r7c7
22
vulnerability VCID-x12b-mjr9-sba2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.29
aliases CVE-2022-28378, GHSA-7xj5-fwqr-5378
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6d2-n97u-8ke1
21
url VCID-xk93-69dj-9ufm
vulnerability_id VCID-xk93-69dj-9ufm
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12823
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56291
published_at 2026-06-12T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56172
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12823
1
reference_url https://github.com/craftcms/cms/blob/6432eca59b93bcea2ca2616199e5d419447e613f/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/6432eca59b93bcea2ca2616199e5d419447e613f/CHANGELOG-v3.md
2
reference_url https://github.com/craftcms/cms/commit/6432eca59b93bcea2ca2616199e5d419447e613f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/6432eca59b93bcea2ca2616199e5d419447e613f
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12823
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12823
4
reference_url https://github.com/advisories/GHSA-w5q4-q7wp-qww6
reference_id GHSA-w5q4-q7wp-qww6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5q4-q7wp-qww6
fixed_packages
0
url pkg:composer/craftcms/cms@3.1.31
purl pkg:composer/craftcms/cms@3.1.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-118v-keeb-f7a6
1
vulnerability VCID-3asf-kngu-ybf6
2
vulnerability VCID-5r1t-9sdm-j3cf
3
vulnerability VCID-8kdh-rvh3-4yfv
4
vulnerability VCID-8qus-7xen-hubb
5
vulnerability VCID-9fqv-dg3y-wbbf
6
vulnerability VCID-9yny-vu36-tyes
7
vulnerability VCID-a9bc-cgqq-jkfh
8
vulnerability VCID-ad7v-5hxr-s3a4
9
vulnerability VCID-aujg-14fc-1qeb
10
vulnerability VCID-cneu-aazx-byfq
11
vulnerability VCID-czuy-m8wp-fka2
12
vulnerability VCID-e4ep-2ng5-1kbm
13
vulnerability VCID-fs3m-av1v-fuf1
14
vulnerability VCID-g7s1-n3qt-b3au
15
vulnerability VCID-hh13-6e1x-p7ez
16
vulnerability VCID-jwj3-be5u-cfa6
17
vulnerability VCID-k8na-x3nm-hkav
18
vulnerability VCID-mhqg-hey8-6bee
19
vulnerability VCID-nfvy-nma3-6qbp
20
vulnerability VCID-pdt2-ckb1-z3a8
21
vulnerability VCID-sdtn-nzaq-e3cb
22
vulnerability VCID-t37k-f7k1-gyhz
23
vulnerability VCID-vvej-1fex-kqdn
24
vulnerability VCID-wcsx-j8xk-r7c7
25
vulnerability VCID-x12b-mjr9-sba2
26
vulnerability VCID-x6d2-n97u-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.1.31
aliases CVE-2019-12823, GHSA-w5q4-q7wp-qww6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk93-69dj-9ufm
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2984