| Max CVSS | 4.3 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-12823 | 4.3 |
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
|
18-10-2021 - 12:04 | 18-06-2019 - 13:15 | |
| CVE-2018-20465 | 4.0 |
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of th
|
03-10-2019 - 00:03 | 25-12-2018 - 23:29 | |
| CVE-2018-20418 | 3.5 |
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
|
16-03-2019 - 01:52 | 24-12-2018 - 04:29 |