Brandon Kelly

4 exploits Active since Jun 2019
CVE-2019-12823 WRITEUP MEDIUM WRITEUP
Craft CMS < 3.1.31 - Cross-Site Scripting via XML Feed
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVSS 6.1
CVE-2019-17496 WRITEUP MEDIUM WRITEUP
Craft CMS < 3.3.8 - Stored Cross-Site Scripting via Site Name Field
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVSS 6.1
CVE-2021-27902 WRITEUP MEDIUM WRITEUP
Craft CMS < 3.6.0 - Cross-Site Scripting via Front-End Form User Uploads
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
CVSS 6.1
CVE-2024-21622 WRITEUP MEDIUM WRITEUP
Craft CMS 3.0.0-3.9.5 and 4.0.0-RC1-4.4.15 - Privilege Escalation
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
CVSS 5.4