Security Advisories - craftcms/cms - Packagist

craftcms/cms Security Advisories for 4.0.0-beta.1 (5)

[HIGH] Craft CMS Arbitrary System File Read

PKSA-jkbm-w624-yb7q CVE-2024-52292 GHSA-cw6g-qmjq-6w2w

Affected version: >=3.5.13,<=4.12.6.1|>=5.0.0-alpha.1,<=5.4.7.1

Reported by:
GitHub
[MEDIUM] Craft CMS Feed-Me

PKSA-yq9g-7wmy-ph9w CVE-2023-36260 GHSA-6p78-f7h9-6838

Affected version: <4.6.2

Reported by:
GitHub
[MEDIUM] Craft CMS vulnerable to HTML injection

PKSA-htxf-m811-km69 CVE-2023-33495 GHSA-m3v5-gjj9-rg24

Affected version: <=4.4.9

Reported by:
GitHub
[HIGH] Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

PKSA-trjg-y1pb-yh98 CVE-2023-32679 GHSA-vqxf-r9ph-cc9c

Affected version: >=4.0.0,<4.4.6

Reported by:
GitHub
[MEDIUM] craftcms/cms vulnerable to cross site scripting in RSS feed widget

PKSA-wgr5-shk8-4nmh CVE-2023-31144 GHSA-j4mx-98hw-6rv6

Affected version: >=4.0.0,<=4.4.3|>=3.0.0,<=3.8.3

Reported by:
GitHub