{"url":"http://public2.vulnerablecode.io/api/packages/74190?format=json","purl":"pkg:composer/craftcms/cms@4.5.0-RC1","type":"composer","namespace":"craftcms","name":"cms","version":"4.5.0-RC1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.5.11","latest_non_vulnerable_version":"5.9.9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50301?format=json","vulnerability_id":"VCID-39ct-cg7w-kyb6","summary":"Craft CMS has Stored XSS in Table Field via \"HTML\" Column Type\nA stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` component when using the `html` column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field.","references":[{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/f5d488d9bb6eff7670ed2c2fe30e15692e92c52b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms/commit/f5d488d9bb6eff7670ed2c2fe30e15692e92c52b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27126","reference_id":"CVE-2026-27126","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27126"},{"reference_url":"https://github.com/advisories/GHSA-3jh3-prx3-w6wc","reference_id":"GHSA-3jh3-prx3-w6wc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3jh3-prx3-w6wc"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-3jh3-prx3-w6wc","reference_id":"GHSA-3jh3-prx3-w6wc","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-3jh3-prx3-w6wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74189?format=json","purl":"pkg:composer/craftcms/cms@4.16.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.19"},{"url":"http://public2.vulnerablecode.io/api/packages/74188?format=json","purl":"pkg:composer/craftcms/cms@5.8.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23"}],"aliases":["CVE-2026-27126","GHSA-3jh3-prx3-w6wc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39ct-cg7w-kyb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50299?format=json","vulnerability_id":"VCID-a3b5-pwyh-yugv","summary":"Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit\nA Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The `getTokenRoute()` method reads a token’s usage count, checks if it’s within limits, then updates the database in separate non-atomic operations. By sending concurrent requests, an attacker can use a single-use impersonation token multiple times before the database update completes.\n\nTo make this work, an attacker needs to obtain a valid user account impersonation URL with a non-expired token via some other means and exploit a race condition while bypassing any rate-limiting rules in place.\n\nFor this to be a privilege escalation, the impersonation URL must include a token for a user account with more permissions than the current user.","references":[{"reference_url":"https://github.com/craftcms/cms","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms"},{"reference_url":"https://github.com/craftcms/cms/commit/3e4afe18279951c024c64896aa2b93cda6d95fdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms/commit/3e4afe18279951c024c64896aa2b93cda6d95fdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27128","reference_id":"CVE-2026-27128","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27128"},{"reference_url":"https://github.com/advisories/GHSA-6fx5-5cw5-4897","reference_id":"GHSA-6fx5-5cw5-4897","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6fx5-5cw5-4897"},{"reference_url":"https://github.com/craftcms/cms/security/advisories/GHSA-6fx5-5cw5-4897","reference_id":"GHSA-6fx5-5cw5-4897","reference_type":"","scores":[],"url":"https://github.com/craftcms/cms/security/advisories/GHSA-6fx5-5cw5-4897"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74189?format=json","purl":"pkg:composer/craftcms/cms@4.16.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.19"},{"url":"http://public2.vulnerablecode.io/api/packages/74188?format=json","purl":"pkg:composer/craftcms/cms@5.8.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23"}],"aliases":["CVE-2026-27128","GHSA-6fx5-5cw5-4897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3b5-pwyh-yugv"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.0-RC1"}