CPE-EA6D3E14-9222-4FF6-97D9-290D2B8AEAB1 Détail

CPE Details

Craft CMS 3.9.6

Vendor

craftcms

Product

craft_cms

Version

3.9.6

Created

2024-01-09
17h13 +00:00

Modifié

2024-01-09
17h13 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:craftcms:craft_cms:3.9.6:::::::*

Informations

Vendor

craftcms

Product

craft_cms

Version

3.9.6

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2024-52292	2024-11-13 16h08 +00:00	Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.	7.7	Haute
CVE-2023-36260	2024-01-29 23h00 +00:00	An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security."	7.5	Haute
CVE-2023-33495	2023-06-19 22h00 +00:00	Craft CMS through 4.4.9 is vulnerable to HTML Injection.	6.1	Moyen
CVE-2023-33197	2023-05-26 19h17 +00:00	Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.	5.5	Moyen
CVE-2023-2817	2023-05-25 22h00 +00:00	A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.	5.4	Moyen
CVE-2023-23927	2023-03-03 21h58 +00:00	Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.	6.1	Moyen

Craft CMS 3.9.6

CPE Details

CPE Name: cpe:2.3:a:craftcms:craft_cms:3.9.6:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:craftcms:craft_cms:3.9.6:::::::*