Magnolia-cms Magnolia Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Magnolia-cms Magnolia Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-46361 — CVSS 9.8 (critical): An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary…
CVE-2021-46362 — CVSS 9.8 (critical): A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows…
CVE-2021-46366 — CVSS 8.8 (high): An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site…
CVE-2021-46365 — CVSS 7.8 (high): An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
CVE-2021-46363 — CVSS 7.8 (high): An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS…
CVE-2021-46364 — CVSS 7.8 (high): A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML…
CVE-2022-33098 — CVSS 6.1 (medium): Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability…
CVE-2021-25894 — CVSS 6.1 (medium): Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html…
CVE-2021-25893 — CVSS 5.4 (medium): Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of…