VYPR

Clippercms

by Clippercms

Source repositories

CVEs (11)

  • CVE-2022-41497CriOct 13, 2022
    risk 0.64cvss 9.8epss 0.01

    ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.

  • CVE-2022-41495CriOct 13, 2022
    risk 0.64cvss 9.8epss 0.01

    ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

  • CVE-2018-19135HigNov 11, 2018
    risk 0.60cvss 8.8epss 0.03

    ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by…

  • CVE-2018-11571HigMay 31, 2018
    risk 0.57cvss 8.8epss 0.01

    ClipperCMS 1.3.3 allows Session Fixation.

  • CVE-2018-19424HigNov 21, 2018
    risk 0.47cvss 7.2epss 0.02

    ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.

  • CVE-2018-12101MedAug 15, 2019
    risk 0.35cvss 5.4epss 0.01

    CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.

  • CVE-2018-11572MedMay 31, 2018
    risk 0.35cvss 5.4epss 0.01

    ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.

  • CVE-2018-11332MedMay 24, 2018
    risk 0.34cvss 4.8epss 0.02

    Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php…

  • CVE-2018-13998MedJul 12, 2018
    risk 0.31cvss 4.8epss 0.01

    ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.

  • CVE-2018-13106MedJul 3, 2018
    risk 0.31cvss 4.8epss 0.01

    ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.

  • CVE-2021-28134CriMar 11, 2021
    risk 0.00cvss 9.8epss 0.05

    Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.