NuGet package

sscms

pkg:nuget/sscms

Vulnerabilities (5)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-2862	—	<= 7.2.1	—	May 24, 2023	A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remote
CVE-2022-30349	—	—	—	May 27, 2022	siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
CVE-2021-42656	—	<= 6.15.51	—	May 24, 2022	SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2021-42655	—	<= 6.15.51	—	May 24, 2022	SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
CVE-2019-11401	—	< 6.12	6.12	Apr 21, 2019	A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

CVE-2023-2862May 24, 2023
affected <= 7.2.1
A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remote
CVE-2022-30349May 27, 2022
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
CVE-2021-42656May 24, 2022
affected <= 6.15.51
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2021-42655May 24, 2022
affected <= 6.15.51
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
CVE-2019-11401Apr 21, 2019
affected < 6.12fixed 6.12
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.