craftcms/cms vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the craftcms/cms package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity | Vulnerability | Vulnerable Version
  • M | Improper Privilege Management | >=3.0.0, <3.9.6; >=4.0.0-RC1, <4.5.11
  • C | Remote Code Execution (RCE) | >=4.0.0-RC1, <4.4.15
  • H | Remote Code Execution (RCE) | >=3.0.0, <3.8.15; >=4.0.0-RC1, <4.4.15
  • M | Cross-site Scripting (XSS) | <2.6.2976
  • M | Cross-site Scripting (XSS) | <2.6.2982
  • M | Cross-site Scripting (XSS) | <2.6.2974
  • M | Access Restriction Bypass | <2.6.2976
  • M | Improper Input Validation | >=0.0.0
  • M | Server-side Request Forgery (SSRF) | <4.4.2
  • M | Cross-site Scripting (XSS) | <4.4.12
  • M | Cross-site Scripting (XSS) | >=4.3.0, <4.4.6
  • M | Cross-site Scripting (XSS) | >=3.0.0, <3.8.6; >=4.0.0-RC1, <4.4.6
  • M | Cross-site Scripting (XSS) | >=4.0.0-rc1, <4.4.6
  • M | Cross-site Scripting (XSS) | >=4.0.0-rc1, <4.4.7
  • H | Remote Code Execution (RCE) | >=4.0.0, <4.4.6
  • H | Arbitrary Code Execution | >=0.0.0
  • M | Cross-site Scripting (XSS) | <3.8.4; >=4.0.0, <4.4.4
  • M | Cross-site Scripting (XSS) | <3.7.68
  • M | Cross-site Scripting (XSS) | <4.3.7
  • M | Cross-site Request Forgery (CSRF) | >=3.0.0, <3.7.33
  • M | Cross-site Scripting (XSS) | <3.7.51; >=4.0.0-alpha.1, <4.2.1
  • M | Cross-site Scripting (XSS) | <4.2.1
  • M | Cross-site Scripting (XSS) | <4.2.1
  • M | Cross-site Scripting (XSS) | <4.2.1
  • M | Cross-site Scripting (XSS) | <4.2.1
  • M | Access Restriction Bypass | >=0.0.0
  • M | Cross-site Scripting (XSS) | <3.7.29
  • L | CSV Injection | <3.7.14
  • M | Cross-site Scripting (XSS) | <3.6.0
  • M | Remote Code Execution (RCE) | <3.6.7
  • M | Cross-site Scripting (XSS) | <3.6.13
  • M | Cross-site Scripting (XSS) | <3.1.33
  • M | Brute Force | <3.1.7
  • H | Cross-site Scripting (XSS) | <3.3.8
  • H | Information Exposure | <2.7.10; >=3.0.0, <3.2.6
  • M | Cross-site Scripting (XSS) | <3.1.31