Filtered by vendor Craftcms
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | |||||
| CVE-2017-8383 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. | |||||
| CVE-2017-8052 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2974 allows XSS attacks. | |||||
| CVE-2017-8385 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | |||||