CVE-2017-8052
Craft CMS before 2.6.2974 allows XSS attacks.
All CVEs associated with "Craft CMS". Page 2/2 • 121 CVEs.
A curated feed of “Craft CMS”-related CVEs appears below. We currently track 121 CVEs for this tag (all time). In the last 365 days, 62 were published. Average CVSS is 6.5 (all time; 6.5 over 365d), and 38% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-639 - Authorization Bypass Through User-Controlled Key, CWE-94 - Improper Control of Generation of Code ('Code Injection').
In our taxonomy this topic maps to a MODERATE impact class. CMS and plugins expand attack surface. Patch core, themes, and plugins, remove abandoned extensions, restrict admin access, enable WAF, and keep backups.