Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Magnolia_cms
(Magnolia\-Cms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 9 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-02 | CVE-2021-25893 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | Magnolia_cms | 5.4 | ||
| 2021-04-02 | CVE-2021-25894 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | Magnolia_cms | 6.1 | ||
| 2022-02-11 | CVE-2021-46361 | An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | Magnolia_cms | 9.8 | ||
| 2022-02-11 | CVE-2021-46363 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | Magnolia_cms | 7.8 | ||
| 2022-02-11 | CVE-2021-46362 | A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | Magnolia_cms | 9.8 | ||
| 2022-02-11 | CVE-2021-46364 | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | Magnolia_cms | 7.8 | ||
| 2022-02-11 | CVE-2021-46365 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | Magnolia_cms | 7.8 | ||
| 2022-02-11 | CVE-2021-46366 | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | Magnolia_cms | 8.8 | ||
| 2022-07-07 | CVE-2022-33098 | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | Magnolia_cms | 6.1 |