craftcms/cms · IA Squad

Skip to content

php · craftcms/cmsCritical

Craft CMS SSRF and Arbitrary JS Injection via /actions/app/resource-js

Craft CMS is vulnerable to SSRF and Arbitrary JavaScript Injection via the /actions/app/resource-js endpoint due to default permis

20 Jun 2026 · act now