Cmsuno
by Boiteasite
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15567 | | Med | 0.33 | 6.1 | 0.01 | | Aug 20, 2018 | CMSUno before 1.5.3 has XSS via the title field. |
| CVE-2021-36654 | | | 0.03 | — | 0.02 | | Aug 3, 2021 | CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. |
| CVE-2020-25538 | | | 0.03 | — | 0.10 | | Nov 13, 2020 | An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. |
| CVE-2020-15600 | | | 0.03 | — | 0.02 | | Jul 7, 2020 | An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. |
| CVE-2021-40889 | | | 0.00 | — | 0.02 | | Oct 11, 2021 | CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject… |