VYPR

CMS

by Aimeos

CVEs (18)

  • CVE-2025-28357 | High | Oct 1, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code by supplying a crafted HTTP request.

  • CVE-2025-60869 | High | Oct 10, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the…

  • CVE-2026-46723 | Medium | May 19, 2026
    risk 0.38 | cvss | epss 0.00

    The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index.

  • CVE-2025-11019 | Low | Sep 26, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

  • CVE-2025-10940 | Low | Sep 25, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack…

  • CVE-2025-59117 | Nov 18, 2025
    risk 0.00 | cvss | epss 0.00

    Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. Only version 4.1 was tested…

  • CVE-2025-59110 | Nov 18, 2025
    risk 0.00 | cvss | epss 0.00

    Windu CMS is vulnerable to Cross-Site Request Forgery in the user editing functionality. The implemented CSRF protection mechanism can be bypassed by using the CSRF token of another user. It is worth noting that registration is open and anyone can create an account. Only version 4.1 was…

  • CVE-2025-60574 | Nov 7, 2025
    risk 0.00 | cvss | epss 0.00

    A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from…

  • CVE-2025-63593 | Nov 3, 2025
    risk 0.00 | cvss | epss 0.00

    Grav CMS 1.7.49.5 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2025-60454 | Oct 3, 2025
    risk 0.00 | cvss | epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload…

  • CVE-2025-7065 | Sep 30, 2025
    risk 0.00 | cvss | epss 0.01

    Due to a client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue affects all…

  • CVE-2024-48341 | Sep 8, 2025
    risk 0.00 | cvss | epss 0.00

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop

  • CVE-2023-39096 | Aug 3, 2023
    risk 0.00 | cvss | epss 0.00

    WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.

  • CVE-2023-34917 | Jul 31, 2023
    risk 0.00 | cvss | epss 0.00

    Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.

  • CVE-2023-34916 | Jul 31, 2023
    risk 0.00 | cvss | epss 0.00

    Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.

  • CVE-2023-37742 | Jul 21, 2023
    risk 0.00 | cvss | epss 0.00

    WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.

  • CVE-2023-36339 | Jul 21, 2023
    risk 0.00 | cvss | epss 0.00

    An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request.

  • CVE-2023-3785 | Jul 20, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in PaulPrinting CMS 2018. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument firstname/lastname/address/city/state leads to cross site scripting. The attack may be launched remotely.…