Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist craftcms/cms Security Advisories

Loading...
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qNWc5LWo3cjQtNnF2eM4AA4L0
Craft CMS Privilege Escalation
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 9 months ago
High
GSA_kwCzR0hTQS00NHdyLXJtd3EtM3Bod84AA1aT
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tM3Y1LWdqajktcmcyNM4AAz9L
Craft CMS vulnerable to HTML injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03eDk0LWp4NzUtM2doNs4AAzfU
Stored cross site scripting in Craft CMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cWp4LTc4N3YtNnB4cs4AAze0
Craft CMS stored XSS in indexedVolumes
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jam1tLXg5eDktbTJ3Nc4AAzez
Craft CMS stored XSS in review volume
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcGdtLWdqZ2YtOGMyeM4AAzey
Craft CMS XSS in RSS widget feed
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zd3hnLXc5NmotOGhxOc4AAzex
CraftCMS stored XSS in Quick Post widget error message
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS12cXhmLXI5cGgtY2M5Y84AAzbH
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mang1LXhtN3Etd2h2as4AAzTe
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNG14LTk4aHctNnJ2Ns4AAzGz
craftcms/cms vulnerable to cross site scripting in RSS feed widget
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13djdqLXJjMnEtOWo2N84AAy9X
Cross Site Scripting in CraftCMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xY3JqLTZmZmMtdjdocc4AAx7K
Craft CMS Stored Cross-site Scripting Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oOTcyLXY0NTgtbTg5Ms4AAwJz
Craft CMS discloses password hashes
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mNTQ2LXY2NjYtNTU5eM4AAu-Z
Craft CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13eHZmLTgzOWYtanFtaM4AAu32
Craft CMS Cross site Scripting vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cjg5LXg5M3gtbWpxMs4AAu33
Craft CMS Stored Cross-site Scripting in User Addresses Title
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zY3ZtLTd3cmgtcXJmOc4AAu3C
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tdzM3LXd4OHAtZ3A0Nc4AAu4D
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zM2pqLTkycHgtbTRnN84AAn8C
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13dnI0LXc2Y3ctNHB4OM4AAige
Craft CMS possibility of brute force attempts
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mM3hyLXEyNTgtaDdtOc4AAiXR
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NXE0LXE3d3AtcXd3Ns4AAhCh
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14djVmLTI5OTctcWhycc4AAbrG
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05bWN3LW13eHYtZ3J3as4AAboB
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMjdnLXI1OHEtNjI0d84AAboA
Craft CMS subject to URL forgery
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cHZ3LWhoNDgtang3cM4AAa1F
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03MnBmLWN2d3EtdmdxZ84AAT3J
Craft CMS Cross-site Scripting (XSS) Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qN2Z4LXYzN2otdjN3N84AASzK
Craft CMS Vulnerable to Server-Side Template Injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03cXE2LWZncHcteHc0Nc4AASds
Craft CMS Unauthorized View
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yMzQyLXZqYzQtd3Jtas3_CA
Craft CMS PHP Code Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS01Y2pyLTc4Y3EtM3dyZ83kIg
Improper account password reset in Craft CMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13Zjk4LXZ4djktanFmds04kA
XSS Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03eGo1LWZ3cXItNTM3OM04Fg
Cross-site Scripting in craftcms/cms
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMnJqLTh3Z2ctbW00M800GA
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyajctNmh4bS04N3Az
Craft CMS Remote Code Injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqeGgtNzg5Zi1wN202
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 3 years ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 6
Ecosystems: 12
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 109 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 83 typo3/cms-core 77 drupal/drupal 76 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 snipe/snipe-it 32 shopware/shopware 31 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 magento/core 24 mediawiki/core 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 francoisjacquet/rosariosis 17 symfony/security 17 genix/cms 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 topthink/framework 17 yetiforce/yetiforce-crm 16 smarty/smarty 15 openmage/magento-lts 15 ec-cube/ec-cube 14 typo3/cms-backend 14 symfony/security-http 14 zendframework/zendframework1 14 silverstripe/cms 14 phpmailer/phpmailer 14 codeigniter4/framework 13 lavalite/cms 13 october/system 13 elefant/cms 13 bolt/bolt 13 impresscms/impresscms 13 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 dompdf/dompdf 12 feehi/feehicms 11 sylius/sylius 11 ezsystems/ezplatform-kernel 11 feehi/cms 11 zendframework/zendframework 11 wwbn/avideo 11 pagekit/pagekit 10 opencart/opencart 10 ezsystems/ezpublish-legacy 10 admidio/admidio 10 wallabag/wallabag 10 pimcore/admin-ui-classic-bundle 10 nukeviet/nukeviet 10 concrete5/core 9 contao/core 9 alextselegidis/easyappointments 9 ssddanbrown/bookstack 9 kevinpapst/kimai2 9 october/october 9 funadmin/funadmin 9 tinymce/tinymce 9 TinyMCE 9 tinymce 9 silverstripe/admin 8 sulu/sulu 8 codiad/codiad 8 gilacms/gila 8 croogo/croogo 8 yiisoft/yii2 8 pimcore/customer-management-framework-bundle 8 october/cms 8 facturascripts/facturascripts 8 silverstripe/graphql 8 symfony/http-foundation 7 pterodactyl/panel 7 mantisbt/mantisbt 7 flarum/core 7 october/backend 7 statamic/cms 7 passbolt/passbolt_api 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 directmailteam/direct-mail 6 composer/composer 6 symfony/http-kernel 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 gleez/cms 6 dweeves/magmi 6 nystudio107/craft-seomatic 6 yourls/yourls 6 oro/platform 6 backdrop/backdrop 6 zoujingli/thinkadmin 6 in2code/femanager 6 yiisoft/yii2-dev 6 billz/raspap-webgui 5 phpxmlrpc/phpxmlrpc 5 typo3/cms-install 5 symfony/security-core 5 elgg/elgg 5 thinkcmf/thinkcmf 5 phpseclib/phpseclib 5 vrana/adminer 5 automad/automad 5 silverstripe/assets 5 simplesamlphp/saml2 5 neos/neos 5 neos/flow 5 illuminate/database 5 cachethq/cachet 5 ibexa/core 5 anchorcms/anchor-cms 5 phpservermon/phpservermon 5 pear/archive_tar 5 codeigniter/framework 5 gugoan/economizzer 5 bottelet/flarepoint 5 evolutioncms/evolution 4 adodb/adodb-php 4 bytefury/crater 4 codeigniter4/shield 4 bref/bref 4 pyrocms/pyrocms 4 typo3/html-sanitizer 4 friendsofsymfony/user-bundle 4 appwrite/server-ce 4 kimai/kimai 4 spatie/browsershot 4 notrinos/notrinos-erp 4 symfony/security-bundle 4 wp-premium/gravityforms 4 wintercms/winter 4 shopware/storefront 4 sylius/resource-bundle 4 modx/revolution 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 ezsystems/ezplatform 4 oro/commerce 4 idno/known 4 magento/product-community-edition 4 reportico-web/reportico 3 froala/wysiwyg-editor 3 pixelfed/pixelfed 3 amphp/http-client 3 enhavo/enhavo-app 3 symfony/form 3 prestashop/productcomments 3 ckeditor4 3 qcubed/qcubed 3 facade/ignition 3 quickapps/cms 3 phenx/php-svg-lib 3 yiisoft/yii 3 joomla/joomla-cms 3 joomla/framework 3 phpoffice/phpspreadsheet 3 shopxo/shopxo 3 apache-solr-for-typo3/solr 3 swiftmailer/swiftmailer 3 processwire/processwire 3 verot/class.upload.php 3 buddypress/buddypress 3 zendframework/zendservice-api 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-technorati 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-nirvanix 3 tecnickcom/tcpdf 3 artesaos/seotools 3