craftcms / cms
Project repository
Build bespoke content experiences with Craft.
Response targets:
First interaction within N/A days
Review within 25 days
Fix within 40 days
Reports (title | date | reporter | status | severity):
'fields[body]' parameter is vulnerable to Reflected XSS | Oct 6th 2023 | nishaaaap | pending
Improper error handling leads to stack trace error disclosure | Apr 15th 2023 | akshayravic09yc47 | pending
Stored XSS in Entry title | Mar 31st 2023 | whitebearvn | informative | Medium
Reflected Cross Site Scripting in fieldLayout parameter | Mar 31st 2023 | retrymp3 | informative | Medium
Stored XSS via Feed URL | May 8th 2022 | keerok | pending
Authenticated RCE through composer.json file upload | May 8th 2022 | caioluders | pending
Authenticated RCE through /admin/settings/email endpoint | Jun 16th 2022 | caioluders | High | High
Full account takeover via host header injection | Jun 8th 2022 | sirr0n | duplicate | High
Host Header Attack | Jun 7th 2022 | dungtuanha | informative | High
Cross-site Scripting (XSS) - Reflected in Error Page | May 30th 2022 | dungtuanha | not applicable
Database Password and Application Secrets Accessible via Environment Variables | Apr 11th 2022 | terminaljunki3 | not applicable
Bounty amounts by severity:
Critical: $0
High: $0
Medium: $0
Low: $0