Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Craft CMS

Craft is a flexible user-friendly CMS for creating custom digital experiences on the web and beyond.

Official Site:

https://craftcms.com/

Severity Summary:

Critical: 5 High: 16 Medium: 31
Reference
Title
Severity
CVE-2025-32432
Craft CMS Vulnerability
Critical
CVE-2024-37843
Craft CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2019-15929
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Critical
CVE-2023-41892
Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2021-27903
Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2024-41800
Craft CMS Improper Authentication Vulnerability
High
CVE-2024-52291
Craft CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-36260
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2021-41824
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability
High
CVE-2024-52293
Craft CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-40035
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-30179
Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-23209
Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-32679
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-30130
Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2022-29933
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2024-21622
Craft CMS Vulnerability
High
CVE-2022-37783
Craft CMS Missing Encryption of Sensitive Data Vulnerability
High
CVE-2018-20465
Craft CMS Missing Encryption of Sensitive Data Vulnerability
High
CVE-2018-3814
Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2020-9757
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2021-32470
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-8384
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-33495
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-19626
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-8052
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-8383
Craft CMS Vulnerability
Medium
CVE-2017-8385
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Medium
CVE-2023-36259
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-33195
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium