VYPR

ukcms

by ukcms

CVEs (3)

  • CVE-2019-10888HigApr 5, 2019
    risk 0.57cvss 8.8epss 0.01

    A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.

  • CVE-2020-18449MedAug 12, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php

  • CVE-2020-20977MedAug 12, 2021
    risk 0.35cvss 5.4epss 0.01

    A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.