Magnolia-cms - Magnolia Cms CVE

Filtered by vendor Magnolia-cms Subscribe

Filtered by product Magnolia Cms

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-46362	1 Magnolia-cms	1 Magnolia Cms	2023-08-08	7.5 HIGH	9.8 CRITICAL
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
CVE-2021-46361	1 Magnolia-cms	1 Magnolia Cms	2022-02-22	7.5 HIGH	9.8 CRITICAL
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

Vulnerabilities (CVE)