VYPR

Dilicms

by Chekun

Source repositories

CVEs (7)

  • CVE-2018-19291MedNov 15, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.

  • CVE-2018-18210MedOct 10, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.

  • CVE-2018-18209MedOct 10, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.

  • CVE-2019-8439MedMar 7, 2019
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.

  • CVE-2019-8440MedMar 7, 2019
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.

  • CVE-2019-8438MedMar 7, 2019
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.

  • CVE-2018-10430MedApr 26, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.