Magnolia-cms » Magnolia Cms : Security Vulnerabilities, CVEs,
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Max CVSS
9.8
EPSS Score
0.22%
Published
2022-02-11
Updated
2022-02-22
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
Max CVSS
9.8
EPSS Score
0.27%
Published
2022-02-11
Updated
2022-02-22
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
Max CVSS
9.3
EPSS Score
0.07%
Published
2022-02-11
Updated
2022-06-05
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
Max CVSS
8.8
EPSS Score
0.09%
Published
2022-02-11
Updated
2022-07-12
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-02-11
Updated
2022-03-29
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-02-11
Updated
2022-04-19
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
Max CVSS
6.1
EPSS Score
0.13%
Published
2021-04-02
Updated
2021-04-15
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-07-07
Updated
2022-07-15
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
Max CVSS
5.4
EPSS Score
0.07%
Published
2021-04-02
Updated
2021-04-15
9 vulnerabilities found