VYPR

Amiro.CMS

by Amirocms

CVEs (4)

  • CVE-2009-3803Oct 27, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to…

  • CVE-2009-3802Oct 27, 2009
    risk 0.03cvss epss 0.03

    Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.

  • CVE-2024-56116Dec 18, 2024
    risk 0.01cvss epss 0.00

    A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.

  • CVE-2024-56115Dec 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack.