craftcms/cms Security Advisories for 3.7.19.1 (14)
-
[CRITICAL] Craft CMS SQL injection vulnerability via the GraphQL API endpoint
PKSA-5d9d-qr6t-qn95 CVE-2024-37843 GHSA-hq4f-mv3q-8wcv
Affected version: <=3.7.31
Reported by:
GitHub -
[MEDIUM] Craft CMS Feed-Me
PKSA-yq9g-7wmy-ph9w CVE-2023-36260 GHSA-6p78-f7h9-6838
Affected version: <4.6.2
Reported by:
GitHub -
[MEDIUM] Craft CMS Privilege Escalation
PKSA-gcgv-38nz-y8bs CVE-2024-21622 GHSA-j5g9-j7r4-6qvx
Affected version: >=3.0.0,<=3.9.5|>=4.0.0-RC1,<=4.5.10
Reported by:
GitHub -
[HIGH] Craft CMS vulnerable to Remote Code Execution via validatePath bypass
PKSA-cdfq-1syy-3hcn CVE-2023-40035 GHSA-44wr-rmwq-3phw
Affected version: >=3.0.0,<=3.8.14|>=4.0.0-RC1,<=4.4.14
Reported by:
GitHub -
[MEDIUM] Craft CMS vulnerable to HTML injection
PKSA-htxf-m811-km69 CVE-2023-33495 GHSA-m3v5-gjj9-rg24
Affected version: <=4.4.9
Reported by:
GitHub -
[LOW] CraftCMS stored XSS in Quick Post widget error message
PKSA-yhf6-73qh-nrcp CVE-2023-33194 GHSA-3wxg-w96j-8hq9
Affected version: >=3.0.0,<=3.8.5|>=4.0.0-RC1,<4.4.6
Reported by:
GitHub -
[HIGH] CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
PKSA-2kbt-tv7g-v7px CVE-2023-30130 GHSA-fjx5-xm7q-whvj
Affected version: <=3.8.1
Reported by:
GitHub -
[MEDIUM] craftcms/cms vulnerable to cross site scripting in RSS feed widget
PKSA-wgr5-shk8-4nmh CVE-2023-31144 GHSA-j4mx-98hw-6rv6
Affected version: >=4.0.0,<=4.4.3|>=3.0.0,<=3.8.3
Reported by:
GitHub -
[MEDIUM] Cross Site Scripting in CraftCMS
PKSA-t4fh-cwff-qj8q CVE-2023-30177 GHSA-wv7j-rc2q-9j67
Affected version: <3.7.68
Reported by:
GitHub -
[HIGH] Craft CMS discloses password hashes
PKSA-rgy6-34nm-mk1h CVE-2022-37783 GHSA-h972-v458-m892
Affected version: >=3.0.0,<=3.7.32
Reported by:
GitHub -
[MEDIUM] Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
PKSA-hq26-n3zb-ct5n CVE-2022-37251 GHSA-mw37-wx8p-gp45
Affected version: >=4.0.0-RC1,<4.2.1|>=3.7.0-beta.1,<3.7.55.2
Reported by:
GitHub -
[HIGH] Improper account password reset in Craft CMS
PKSA-61st-bdmf-2n6s CVE-2022-29933 GHSA-5cjr-78cq-3wrg
Affected version: <3.7.36
Reported by:
GitHub -
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in craftcms/cms
PKSA-1ktx-1md2-qf47 CVE-2022-28378 GHSA-7xj5-fwqr-5378
Affected version: <3.7.29
Reported by:
GitHub