Packagist (Composer) package
evolutioncms/evolution
pkg:composer/evolutioncms/evolution
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43341 | | — | | <= 3.2.3 | — | Oct 19, 2023 | Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. |
| CVE-2023-43340 | | — | | <= 3.2.3 | — | Oct 19, 2023 | Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters |
| CVE-2018-16638 | | — | | >= 1.4.0, < 1.4.6 | 1.4.6 | Dec 28, 2018 | Evolution CMS 1.4.x allows XSS via the manager/ search parameter. |
| CVE-2018-16637 | | — | | >= 1.4, < 1.4.6 | 1.4.6 | Dec 28, 2018 | Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. |