VYPR

CMS

by Havalite

CVEs (27)

  • CVE-2023-27179 | Apr 11, 2023
    risk 0.10 | cvss | epss 0.61

    GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.

  • CVE-2022-46020 | Dec 20, 2022
    risk 0.07 | cvss | epss 0.39

    WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.

  • CVE-2019-25137 | May 18, 2023
    risk 0.04 | cvss | epss 0.04

    Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

  • CVE-2013-0161 | Jan 29, 2020
    risk 0.03 | cvss | epss 0.01

    Havalite CMS 1.1.7 has a stored XSS vulnerability.

  • CVE-2012-5919 | Nov 19, 2012
    risk 0.03 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit…

  • CVE-2012-5894 | Nov 17, 2012
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.

  • CVE-2025-70866 | Feb 13, 2026
    risk 0.00 | cvss | epss 0.00

    LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share…

  • CVE-2025-71177 | Jan 23, 2026
    risk 0.00 | cvss | epss 0.00

    LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later…

  • CVE-2024-31828 | Apr 26, 2024
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.

  • CVE-2024-27668 | Mar 4, 2024
    risk 0.00 | cvss | epss 0.00

    Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'

  • CVE-2023-36983 | Aug 1, 2023
    risk 0.00 | cvss | epss 0.01

    LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.

  • CVE-2023-36984 | Aug 1, 2023
    risk 0.00 | cvss | epss 0.01

    LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.

  • CVE-2023-36291 | Jul 3, 2023
    risk 0.00 | cvss | epss 0.00

    Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.

  • CVE-2023-27082 | Jun 26, 2023
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.

  • CVE-2023-31903 | May 17, 2023
    risk 0.00 | cvss | epss 0.02

    GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

  • CVE-2023-27237 | May 12, 2023
    risk 0.00 | cvss | epss 0.01

    LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.

  • CVE-2023-27238 | May 12, 2023
    risk 0.00 | cvss | epss 0.01

    LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.

  • CVE-2023-27178 | Apr 10, 2023
    risk 0.00 | cvss | epss 0.01

    An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2023-27180 | Apr 7, 2023
    risk 0.00 | cvss | epss 0.01

    GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.

  • CVE-2023-25828 | Mar 27, 2023
    risk 0.00 | cvss | epss 0.02

    Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which…

Page 1 of 2