VYPR

CMS

by Siteserver

CVEs (63)

  • CVE-2024-32343 (Apr 17, 2024)
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.

  • CVE-2024-30614 (Apr 12, 2024)
    risk 0.00 | cvss | epss 0.00

    An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.

  • CVE-2023-2862 (May 24, 2023)
    risk 0.00 | cvss | epss 0.01

    A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack…

  • CVE-2022-44298 (Jan 27, 2023)
    risk 0.00 | cvss | epss 0.01

    SiteServer CMS 7.1.3 is vulnerable to SQL Injection.

  • CVE-2022-44297 (Jan 26, 2023)
    risk 0.00 | cvss | epss 0.01

    SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.

  • CVE-2020-35597 (Jun 16, 2022)
    risk 0.00 | cvss | epss 0.01

    Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

  • CVE-2021-42655 (May 24, 2022)
    risk 0.00 | cvss | epss 0.01

    SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

  • CVE-2021-42654 (May 24, 2022)
    risk 0.00 | cvss | epss 0.02

    SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.

  • CVE-2020-28960 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.02

    Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.

  • CVE-2020-20122 (Sep 28, 2021)
    risk 0.00 | cvss | epss 0.01

    Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

  • CVE-2020-19155 (Sep 15, 2021)
    risk 0.00 | cvss | epss 0.07

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2020-19154 (Sep 15, 2021)
    risk 0.00 | cvss | epss 0.04

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2020-19148 (Sep 15, 2021)
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.

  • CVE-2020-19146 (Sep 15, 2021)
    risk 0.00 | cvss | epss 0.02

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.

  • CVE-2020-21976 (Aug 11, 2021)
    risk 0.00 | cvss | epss 0.02

    An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to upload a webshell and execute arbitrary commands.

  • CVE-2020-23715 (Jun 28, 2021)
    risk 0.00 | cvss | epss 0.02

    Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.

  • CVE-2020-23962 (Jun 23, 2021)
    risk 0.00 | cvss | epss 0.01

    A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter.

  • CVE-2020-35126 (Dec 11, 2020)
    risk 0.00 | cvss | epss 0.01

    Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."

  • CVE-2020-26042 (Sep 29, 2020)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php.

  • CVE-2019-11401 (Apr 21, 2019)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.