All the vulnerabilites related to craftcms - cms
cve-2024-45406
Vulnerability from cvelistv5
Published
2024-09-09 16:46
Modified
2024-09-09 19:59
Summary
Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "craftcms",
            "versions": [
              {
                "lessThan": "5.1.2",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45406",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:58:18.333986Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:59:08.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-09T16:46:26.948Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8"
        }
      ],
      "source": {
        "advisory": "GHSA-28h4-788g-rh42",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS stored XSS in breadcrumb list and title fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45406",
    "datePublished": "2024-09-09T16:46:26.948Z",
    "dateReserved": "2024-08-28T20:21:32.804Z",
    "dateUpdated": "2024-09-09T19:59:08.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-23927
Vulnerability from cvelistv5
Published
2023-03-03 21:58
Modified
2024-08-02 10:42
Summary
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:42:26.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq"
          },
          {
            "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03"
          },
          {
            "name": "https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.3.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T21:58:26.183Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-qcrj-6ffc-v7hq"
        },
        {
          "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#437---2023-02-03"
        },
        {
          "name": "https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4"
        }
      ],
      "source": {
        "advisory": "GHSA-qcrj-6ffc-v7hq",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS stored cross-site scripting vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-23927",
    "datePublished": "2023-03-03T21:58:26.183Z",
    "dateReserved": "2023-01-19T21:12:31.359Z",
    "dateUpdated": "2024-08-02T10:42:26.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41800
Vulnerability from cvelistv5
Published
2024-07-25 16:12
Modified
2024-08-02 04:46
Summary
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "craftcms",
            "versions": [
              {
                "lessThanOrEqual": "5.2.3",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41800",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T15:26:45.640519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T15:28:42.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/5.2.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
          },
          {
            "name": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-beta.1, \u003c 5.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim\u0027s credentials. This has been patched in Craft 5.2.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-25T16:12:58.907Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/5.2.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
        },
        {
          "name": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
        }
      ],
      "source": {
        "advisory": "GHSA-wmx7-pw49-88jx",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS Allows TOTP Token To Stay Valid After Use"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41800",
    "datePublished": "2024-07-25T16:12:58.907Z",
    "dateReserved": "2024-07-22T13:57:37.135Z",
    "dateUpdated": "2024-08-02T04:46:52.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41892
Vulnerability from cvelistv5
Published
2023-09-13 19:45
Modified
2024-08-02 19:09
Severity ?
Summary
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:49.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476"
          },
          {
            "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c= 4.4.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T19:45:25.736Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476"
        },
        {
          "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical"
        },
        {
          "url": "http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "advisory": "GHSA-4w8r-3xrw-v25g",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS Remote Code Execution vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-41892",
    "datePublished": "2023-09-13T19:45:25.736Z",
    "dateReserved": "2023-09-04T16:31:48.225Z",
    "dateUpdated": "2024-08-02T19:09:49.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33195
Vulnerability from cvelistv5
Published
2023-05-27 03:51
Modified
2024-08-02 15:39
Summary
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/4.4.6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/4.4.6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.3.0, \u003c= 4.4.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-02T20:03:06.585Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/4.4.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/4.4.6"
        }
      ],
      "source": {
        "advisory": "GHSA-qpgm-gjgf-8c2x",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS XSS in RSS widget feed"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-33195",
    "datePublished": "2023-05-27T03:51:35.684Z",
    "dateReserved": "2023-05-17T22:25:50.699Z",
    "dateUpdated": "2024-08-02T15:39:35.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21622
Vulnerability from cvelistv5
Published
2024-01-03 16:51
Modified
2024-08-01 22:27
Summary
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx"
          },
          {
            "name": "https://github.com/craftcms/cms/pull/13931",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/pull/13931"
          },
          {
            "name": "https://github.com/craftcms/cms/pull/13932",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/pull/13932"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843"
          },
          {
            "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16"
          },
          {
            "name": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.5.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.9.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-03T16:51:25.704Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx"
        },
        {
          "name": "https://github.com/craftcms/cms/pull/13931",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/pull/13931"
        },
        {
          "name": "https://github.com/craftcms/cms/pull/13932",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/pull/13932"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843"
        },
        {
          "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16"
        },
        {
          "name": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16"
        }
      ],
      "source": {
        "advisory": "GHSA-j5g9-j7r4-6qvx",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-21622",
    "datePublished": "2024-01-03T16:51:25.704Z",
    "dateReserved": "2023-12-29T03:00:44.953Z",
    "dateUpdated": "2024-08-01T22:27:35.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-52291
Vulnerability from cvelistv5
Published
2024-11-13 16:12
Modified
2024-11-13 18:52
Summary
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "craftcms",
            "versions": [
              {
                "lessThanOrEqual": "5.0.0-RC1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.0.0-RC1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.12.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52291",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:50:50.793331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:52:15.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-RC1, \u003c 5.4.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.12.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-13T16:12:14.803Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q"
        }
      ],
      "source": {
        "advisory": "GHSA-jrh5-vhr9-qh7q",
        "discovery": "UNKNOWN"
      },
      "title": "Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52291",
    "datePublished": "2024-11-13T16:12:14.803Z",
    "dateReserved": "2024-11-06T19:00:26.394Z",
    "dateUpdated": "2024-11-13T18:52:15.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-56145
Vulnerability from cvelistv5
Published
2024-12-18 20:37
Modified
2024-12-19 20:13
Summary
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T21:10:39.740643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T21:10:48.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.13.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-RC1, \u003c 5.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.9.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T20:13:33.762Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3"
        }
      ],
      "source": {
        "advisory": "GHSA-2p6p-9rc9-62j9",
        "discovery": "UNKNOWN"
      },
      "title": "RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-56145",
    "datePublished": "2024-12-18T20:37:34.301Z",
    "dateReserved": "2024-12-16T18:04:39.983Z",
    "dateUpdated": "2024-12-19T20:13:33.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-31144
Vulnerability from cvelistv5
Published
2023-05-09 15:22
Modified
2024-08-02 14:45
Summary
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:45:25.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.8.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T15:22:39.915Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442"
        }
      ],
      "source": {
        "advisory": "GHSA-j4mx-98hw-6rv6",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS vulnerable to cross site scripting in RSS feed widget"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-31144",
    "datePublished": "2023-05-09T15:22:39.915Z",
    "dateReserved": "2023-04-24T21:44:10.417Z",
    "dateUpdated": "2024-08-02T14:45:25.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33194
Vulnerability from cvelistv5
Published
2023-05-26 20:30
Modified
2024-08-02 15:39
Summary
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/4.4.6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/4.4.6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.4.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c= 3.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn\u2019t fix it when clicking save. This issue was patched in version 4.4.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-26T20:30:23.382Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/4.4.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/4.4.6"
        }
      ],
      "source": {
        "advisory": "GHSA-3wxg-w96j-8hq9",
        "discovery": "UNKNOWN"
      },
      "title": "CraftCMS stored XSS in Quick Post widget error message"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-33194",
    "datePublished": "2023-05-26T20:30:23.382Z",
    "dateReserved": "2023-05-17T22:25:50.699Z",
    "dateUpdated": "2024-08-02T15:39:35.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-32679
Vulnerability from cvelistv5
Published
2023-05-19 19:40
Modified
2024-08-02 15:25
Summary
Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.4.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string(\u0027\u0027) in the View.php\u0027s doesTemplateExist() -\u003e resolveTemplate() -\u003e _resolveTemplateInternal() -\u003e _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-19T19:40:14.858Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c"
        }
      ],
      "source": {
        "advisory": "GHSA-vqxf-r9ph-cc9c",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution via unrestricted file extension in Craft CMS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-32679",
    "datePublished": "2023-05-19T19:40:14.858Z",
    "dateReserved": "2023-05-11T16:33:45.731Z",
    "dateUpdated": "2024-08-02T15:25:36.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-52293
Vulnerability from cvelistv5
Published
2024-11-13 16:04
Modified
2024-11-13 18:56
Summary
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "craftcms",
            "versions": [
              {
                "lessThanOrEqual": "4.0.0-RC1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.12.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.0.0-RC1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.4.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52293",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:54:41.908235Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:56:00.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.12.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-RC1, \u003c 5.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-13T16:04:52.005Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/123e48a696de1e2f63ab519d4730eb3b87beaa58",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/123e48a696de1e2f63ab519d4730eb3b87beaa58"
        }
      ],
      "source": {
        "advisory": "GHSA-f3cw-hg6r-chfv",
        "discovery": "UNKNOWN"
      },
      "title": "Craft has a Potential Remote Code Execution via missing path normalization \u0026 Twig SSTI"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52293",
    "datePublished": "2024-11-13T16:04:52.005Z",
    "dateReserved": "2024-11-06T19:00:26.394Z",
    "dateUpdated": "2024-11-13T18:56:00.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-52292
Vulnerability from cvelistv5
Published
2024-11-13 16:08
Modified
2024-11-13 18:53
Summary
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "craftcms",
            "versions": [
              {
                "lessThanOrEqual": "5.0.0-alpha.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "3.5.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.12.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52292",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:52:42.544634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:53:58.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.1, \u003c 5.4.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.5.13, \u003c 4.12.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file\u0027s content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552: Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-13T16:12:45.221Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w"
        }
      ],
      "source": {
        "advisory": "GHSA-cw6g-qmjq-6w2w",
        "discovery": "UNKNOWN"
      },
      "title": "Craft Allows Attackers to Read Arbitrary System Files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52292",
    "datePublished": "2024-11-13T16:08:32.698Z",
    "dateReserved": "2024-11-06T19:00:26.394Z",
    "dateUpdated": "2024-11-13T18:53:58.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33196
Vulnerability from cvelistv5
Published
2023-05-26 20:22
Modified
2024-08-02 15:39
Summary
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/4.4.7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/4.4.7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c= 4.4.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-26T20:22:23.637Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/4.4.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/4.4.7"
        }
      ],
      "source": {
        "advisory": "GHSA-cjmm-x9x9-m2w5",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS stored XSS in review volume"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-33196",
    "datePublished": "2023-05-26T20:22:23.637Z",
    "dateReserved": "2023-05-17T22:25:50.699Z",
    "dateUpdated": "2024-08-02T15:39:35.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33197
Vulnerability from cvelistv5
Published
2023-05-26 19:17
Modified
2024-08-02 15:39
Summary
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/4.4.6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/4.4.6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c= 4.4.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-26T19:17:23.375Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/4.4.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/4.4.6"
        }
      ],
      "source": {
        "advisory": "GHSA-6qjx-787v-6pxr",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS stored XSS in indexedVolumes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-33197",
    "datePublished": "2023-05-26T19:17:23.375Z",
    "dateReserved": "2023-05-17T22:25:50.699Z",
    "dateUpdated": "2024-08-02T15:39:35.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40035
Vulnerability from cvelistv5
Published
2023-08-23 20:05
Modified
2024-10-02 20:35
Summary
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:54.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/3.8.15",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/3.8.15"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/4.4.15",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/4.4.15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40035",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T20:33:49.046383Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T20:35:01.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.4.15"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.8.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-23T20:05:57.455Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/3.8.15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/3.8.15"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/4.4.15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/4.4.15"
        }
      ],
      "source": {
        "advisory": "GHSA-44wr-rmwq-3phw",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS vulnerable to Remote Code Execution via validatePath bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-40035",
    "datePublished": "2023-08-23T20:05:57.455Z",
    "dateReserved": "2023-08-08T13:46:25.245Z",
    "dateUpdated": "2024-10-02T20:35:01.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}