Filtered by vendor Magnolia-cms
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | |||||
| CVE-2021-46363 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-06-05 | 9.3 HIGH | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | |||||
| CVE-2021-46364 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | |||||
| CVE-2021-46365 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. | |||||