S CMS
by S CMS
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20701 | Med | 0.31 | 4.8 | 0.01 | Jul 30, 2021 | A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||
| CVE-2020-20700 | Med | 0.31 | 4.8 | 0.01 | Jul 30, 2021 | A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | ||
| CVE-2022-4377 | Low | 0.23 | 3.5 | 0.00 | Dec 9, 2022 | A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The… | ||
| CVE-2010-4772 | 0.03 | — | 0.01 | Mar 23, 2011 | Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php. | |||
| CVE-2010-4771 | 0.03 | — | 0.01 | Mar 23, 2011 | SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2009-1502 | 0.03 | — | 0.02 | May 1, 2009 | Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||
| CVE-2009-0864 | 0.03 | — | 0.03 | Mar 10, 2009 | S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | |||
| CVE-2009-0863 | 0.03 | — | 0.01 | Mar 10, 2009 | SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2024-28187 | Hig | 0.00 | 7.2 | 0.02 | Mar 11, 2024 | SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability… | ||
| CVE-2020-15189 | Med | 0.00 | 6.8 | 0.03 | Sep 18, 2020 | SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This… | ||
| CVE-2020-15188 | Cri | 0.00 | 10.0 | 0.05 | Sep 18, 2020 | SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any… | ||
| CVE-2020-15182 | Hig | 0.00 | 8.4 | 0.01 | Sep 17, 2020 | The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the… |
- risk 0.31cvss 4.8epss 0.01
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- risk 0.31cvss 4.8epss 0.01
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The…
- CVE-2010-4772Mar 23, 2011risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.
- CVE-2010-4771Mar 23, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-1502May 1, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
- CVE-2009-0864Mar 10, 2009risk 0.03cvss —epss 0.03
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
- CVE-2009-0863Mar 10, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
- risk 0.00cvss 7.2epss 0.02
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability…
- risk 0.00cvss 6.8epss 0.03
SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This…
- risk 0.00cvss 10.0epss 0.05
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any…
- risk 0.00cvss 8.4epss 0.01
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the…
Page 3 of 3