craftcms/cms Security Advisories for 2.6.2990 (19)
-
[MEDIUM] Craft CMS stores arbitrary content provided by unauthenticated users in session files
PKSA-ht16-h36v-hxc7 CVE-2025-35939 GHSA-7vrx-9684-xrf2
Affected version: <4.15.3|>=5.0.0-alpha.1,<5.7.5
Reported by:
GitHub -
[CRITICAL] Craft CMS SQL injection vulnerability via the GraphQL API endpoint
PKSA-5d9d-qr6t-qn95 CVE-2024-37843 GHSA-hq4f-mv3q-8wcv
Affected version: <=3.7.31
Reported by:
GitHub -
[HIGH] Craft CMS Feed-Me
PKSA-yq9g-7wmy-ph9w CVE-2023-36260 GHSA-6p78-f7h9-6838
Affected version: <4.6.2
Reported by:
GitHub -
[MEDIUM] Craft CMS vulnerable to HTML injection
PKSA-htxf-m811-km69 CVE-2023-33495 GHSA-m3v5-gjj9-rg24
Affected version: <=4.4.9
Reported by:
GitHub -
[HIGH] CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
PKSA-2kbt-tv7g-v7px CVE-2023-30130 GHSA-fjx5-xm7q-whvj
Affected version: <=3.8.1
Reported by:
GitHub -
[MEDIUM] Cross Site Scripting in CraftCMS
PKSA-t4fh-cwff-qj8q CVE-2023-30177 GHSA-wv7j-rc2q-9j67
Affected version: <3.7.68
Reported by:
GitHub -
[MEDIUM] Craft CMS Cross-site Scripting Vulnerability
PKSA-ngqg-qdtb-rm3d CVE-2020-19626 GHSA-33jj-92px-m4g7
Affected version: <3.1.33
Reported by:
GitHub -
[CRITICAL] Craft CMS possibility of brute force attempts
PKSA-1y5n-q5z7-8cgs CVE-2019-15929 GHSA-wvr4-w6cw-4px8
Affected version: <3.1.7
Reported by:
GitHub -
[MEDIUM] Craft CMS XSS Vulnerability
PKSA-5swg-jxtx-ftv4 CVE-2019-17496 GHSA-f3xr-q258-h7m9
Affected version: <3.3.8
Reported by:
GitHub -
[MEDIUM] Craft CMS XSS Vulnerability
PKSA-fv5t-gxkj-6y82 CVE-2019-12823 GHSA-w5q4-q7wp-qww6
Affected version: <3.1.31
Reported by:
GitHub -
[MEDIUM] Craft CMS Cross-site Scripting (XSS) Vulnerability
PKSA-4gm9-3p9z-44t6 CVE-2018-20418 GHSA-72pf-cvwq-vgqg
Affected version: <=3.0.25
Reported by:
GitHub -
[HIGH] Craft CMS Vulnerable to Server-Side Template Injection
PKSA-9b83-4qd6-4szn CVE-2018-20465 GHSA-j7fx-v37j-v3w7
Affected version: <=3.0.34
Reported by:
GitHub -
[HIGH] Craft CMS PHP Code Injection Vulnerability
PKSA-f9g7-q3qs-w8nw CVE-2018-3814 GHSA-r342-vjc4-wrmj
Affected version: <=2.6.3000
Reported by:
GitHub -
[HIGH] Improper account password reset in Craft CMS
PKSA-61st-bdmf-2n6s CVE-2022-29933 GHSA-5cjr-78cq-3wrg
Affected version: <3.7.36
Reported by:
GitHub -
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in craftcms/cms
PKSA-1ktx-1md2-qf47 CVE-2022-28378 GHSA-7xj5-fwqr-5378
Affected version: <3.7.29
Reported by:
GitHub -
[MEDIUM] Craft CMS Cross-site Scripting Vulnerability
PKSA-n1f2-zc53-b6z3 CVE-2021-32470 GHSA-h2rj-8wgg-mm43
Affected version: <3.6.13
Reported by:
GitHub -
[CRITICAL] Craft CMS Remote Code Injection
PKSA-fqry-snd1-rj28 CVE-2021-27903 GHSA-x2j7-6hxm-87p3
Affected version: <3.6.7
Reported by:
GitHub -
[MEDIUM] Craft CMS Cross-site Scripting Vulnerability
PKSA-p8kz-63g9-6c6r CVE-2021-27902 GHSA-3jxh-789f-p7m6
Affected version: <3.6.0
Reported by:
GitHub