Aggregates CVE and security vulnerability intelligence across all magnolia-cms-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk csrf, vendor risk xxe, and vendor risk open redirect and related problems; some flaws may lead to vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-33098 | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | [email protected] | 6.1 | 50.54% | 2022-07-07 | 2026-06-17 |
| CVE-2021-46366 | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | [email protected] | 8.8 | 0.76% | 2022-02-11 | 2026-06-17 |
| CVE-2021-46365 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | [email protected] | 7.8 | 1.67% | 2022-02-11 | 2026-06-17 |
| CVE-2021-46364 | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | [email protected] | 7.8 | 1.57% | 2022-02-11 | 2026-06-17 |
| CVE-2021-46363 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | [email protected] | 7.8 | 1.87% | 2022-02-11 | 2026-06-17 |
| CVE-2021-46362 | A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | [email protected] | 9.8 | 4.66% | 2022-02-11 | 2026-06-17 |
| CVE-2021-46361 | An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | [email protected] | 9.8 | 2.78% | 2022-02-11 | 2026-06-17 |
| CVE-2021-25894 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | [email protected] | 6.1 | 1.11% | 2021-04-02 | 2026-06-16 |
| CVE-2021-25893 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | [email protected] | 5.4 | 0.88% | 2021-04-02 | 2026-06-16 |
| CVE-2013-4759 | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html. | [email protected] | 4.3 | 3.50% | 2013-08-09 | 2026-06-16 |