cvebase

Magnolia-Cms Magnolia Cms vulnerabilities

9 known vulnerabilities affecting magnolia-cms/magnolia_cms.

Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 3

Vulnerabilities

CVE-2022-33098 | P3 | MEDIUM | CVSS 6.1 | PoC | v6.2.19 | 2022-07-07
CVE-2022-33098 [MEDIUM] CWE-79: Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
nvd
CVE-2021-46362 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.2.4 | 2022-02-11
CVE-2021-46362 [CRITICAL] CWE-94: A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
nvd
CVE-2021-46361 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.2.12 | 2022-02-11
CVE-2021-46361 [CRITICAL]: An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
nvd
CVE-2021-46363 | P3 | HIGH | CVSS 7.8 | fixed in 6.2.4 | 2022-02-11
CVE-2021-46363 [HIGH] CWE-1236: An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
nvd
CVE-2021-46365 | P3 | HIGH | CVSS 7.8 | fixed in 6.2.4 | 2022-02-11
CVE-2021-46365 [HIGH] CWE-611: An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
nvd
CVE-2021-46364 | P3 | HIGH | CVSS 7.8 | fixed in 6.2.4 | 2022-02-11
CVE-2021-46364 [HIGH] CWE-502: A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
nvd
CVE-2021-46366 | P4 | HIGH | CVSS 8.8 | fixed in 6.2.4 | 2022-02-11
CVE-2021-46366 [HIGH] CWE-352: An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
nvd
CVE-2021-25894 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.1.3, < 6.1.7; ≥ 6.2.3, < 6.2.4 | 2021-04-02
CVE-2021-25894 [MEDIUM] CWE-79: Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
nvd
CVE-2021-25893 | P4 | MEDIUM | CVSS 5.4 | ≥ 6.1.3, < 6.1.7; ≥ 6.2.3, < 6.2.4 | 2021-04-02
CVE-2021-25893 [MEDIUM] CWE-79: Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
nvd