Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Crafter Software — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting Crafter Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crafter Software is a content management platform primarily used for enterprise web applications and digital experiences. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, with 14 CVEs documented. Security researchers have identified authentication bypass issues and insecure default configurations as recurring concerns. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in web management interfaces suggests potential attack surfaces for unauthorized access or system compromise. Organizations using this platform should prioritize timely patching and hardening of administrative interfaces to mitigate identified risks.

Top products by Crafter Software: Crafter CMS
CVE IDTitleCVSSSeverityPublished
CVE-2022-40635 Improper Control of Dynamically-Managed Code Resources in Crafter Studio — Crafter CMSCWE-913 6.4 Medium2022-09-13
CVE-2022-40634 Improper Control of Dynamically-Managed Code Resources in Crafter Studio — Crafter CMSCWE-913 6.4 Medium2022-09-13
CVE-2021-23267 Improper Control of Dynamically-Managed Code Resources in Crafter Studio — Crafter CMSCWE-913 7.6 High2022-05-16
CVE-2021-23266 Improper Output Neutralization for Logs in Crafter Studio — Crafter CMSCWE-117 4.3 Medium2022-05-16
CVE-2021-23265 Improper Privilege Management in Crafter Studio — Crafter CMSCWE-269 3.5 Low2022-05-16
CVE-2021-23264 Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search — Crafter CMSCWE-402 8.1 High2021-12-02
CVE-2021-23262 Snakeyaml deserialization vulnerability bypass — Crafter CMSCWE-913 4.2 Medium2021-12-02
CVE-2021-23263 Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine — Crafter CMSCWE-402 5.9 Medium2021-12-02
CVE-2021-23261 Overriding the system configuration file causes a denial of service — Crafter CMSCWE-703 4.5 Medium2021-12-02
CVE-2021-23259 Groovy Sandbox Bypass — Crafter CMSCWE-913 4.2 Medium2021-12-02
CVE-2021-23260 Stored XSS Vulnerability in File Name of the File Upload function — Crafter CMSCWE-79 6.5 Medium2021-12-02
CVE-2021-23258 Spring SPEL Expression Language Injection — Crafter CMSCWE-913 4.2 Medium2021-12-02
CVE-2020-25803 Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects. — Crafter CMSCWE-913 4.2 Medium2020-10-06
CVE-2020-25802 Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting. — Crafter CMSCWE-913 4.2 Medium2020-10-06

This page lists every published CVE security advisory associated with Crafter Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.