Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Craft CMS

Craft is a flexible user-friendly CMS for creating custom digital experiences on the web and beyond.

Official Site:

https://craftcms.com/

Severity Summary:

Critical: 10 High: 32 Medium: 55
Reference
Title
Severity
CVE-2026-29113
Craft CMS Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2026-28782
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2019-9554
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-68436
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2022-37251
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-20418
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-9516
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-8385
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Medium
CVE-2017-8384
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-8383
Craft CMS Vulnerability
Medium
CVE-2017-8052
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-19626
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14280
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2019-17496
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-27902
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-32470
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-28378
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-37246
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-37247
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-37248
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-68437
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2023-33195
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-35939
Craft CMS Other Vulnerability
Medium
CVE-2019-12823
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-52292
Craft CMS Files or Directories Accessible to External Parties Vulnerability
Medium
CVE-2024-45406
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-36259
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-33495
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-33196
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-37250
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium