Magnolia Cms

magnolia-cms

10 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Magnolia Form Module

magnolia_form_module

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-33098 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Jul 7, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-46366 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Feb 11, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVE-2021-46365 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Feb 11, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
CVE-2021-46364 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Feb 11, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
CVE-2021-46363 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Feb 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer w...Show more An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.Show less
CVE-2021-46362 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Feb 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullna...Show more A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.Show less
CVE-2021-46361 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Feb 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
CVE-2021-25894 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Apr 2, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
CVE-2021-25893 1Magnolia Cms 1Magnolia Cms Nov 21, 2024 Apr 2, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
CVE-2013-4759 1Magnolia Cms 1Magnolia Form Module Apr 29, 2026 Aug 9, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (...Show more Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.Show less