Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Verbb Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13868 1 Verbb 1 Comments 2020-06-09 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
CVE-2020-13869 1 Verbb 1 Comments 2020-06-09 3.5 LOW 5.4 MEDIUM
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
CVE-2020-13870 1 Verbb 1 Comments 2020-06-09 3.5 LOW 5.4 MEDIUM
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
CVE-2020-13458 1 Verbb 1 Image Resizer 2020-05-27 6.8 MEDIUM 8.8 HIGH
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459 1 Verbb 1 Image Resizer 2020-05-27 3.5 LOW 5.4 MEDIUM
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVE-2020-13485 1 Verbb 1 Knock Knock 2020-05-26 6.4 MEDIUM 9.1 CRITICAL
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13486 1 Verbb 1 Knock Knock 2020-05-26 5.8 MEDIUM 6.1 MEDIUM
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.