Brandon Kelly - Security Researcher - Exploit Intelligence Platform

CVE-2019-12823 WRITEUP MEDIUM WRITEUP

Craftcms Craft Cms < 3.1.31 - XSS

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.

CVSS 6.1

View Code

CVE-2019-17496 WRITEUP MEDIUM WRITEUP

Craftcms Craft Cms < 3.3.8 - XSS

Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.

CVSS 6.1

View Code

CVE-2021-27902 WRITEUP MEDIUM WRITEUP

Craft CMS <3.6.0 - XSS

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.

CVSS 6.1

View Code

CVE-2024-21622 WRITEUP MEDIUM WRITEUP

Craftcms Craft Cms < 3.9.6 - Improper Privilege Management

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

CVSS 5.4

View Code