Content Management System
by Bpg Infotech
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-10142 | Med | 0.45 | — | 0.00 | Jul 25, 2025 | Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root… | ||
| CVE-2018-25331 | Med | 0.40 | 6.1 | 0.00 | May 17, 2026 | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the… | ||
| CVE-2026-3317 | Med | 0.33 | — | 0.00 | Apr 21, 2026 | Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow… | ||
| CVE-2025-14730 | Med | 0.31 | 4.7 | 0.00 | Dec 15, 2025 | A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php of the component Backend System Configuration Module. The manipulation of the argument Cj_Add/Cj_Edit results… | ||
| CVE-2006-5257 | 0.03 | — | 0.02 | Oct 12, 2006 | PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter. | |||
| CVE-2025-63551 | 0.00 | — | 0.00 | Nov 6, 2025 | A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious… | |||
| CVE-2025-4545 | 0.00 | — | 0.01 | May 11, 2025 | A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It… | |||
| CVE-2023-48987 | 0.00 | — | 0.01 | Feb 14, 2024 | Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | |||
| CVE-2023-48986 | 0.00 | — | 0.01 | Feb 14, 2024 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. | |||
| CVE-2023-48985 | 0.00 | — | 0.01 | Feb 14, 2024 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. | |||
| CVE-2022-47740 | 0.00 | — | 0.01 | Jan 19, 2023 | Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. | |||
| CVE-2021-25197 | 0.00 | — | 0.01 | Jul 22, 2021 | Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php | |||
| CVE-2006-6110 | 0.00 | — | 0.01 | Nov 26, 2006 | Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. |
- risk 0.45cvss —epss 0.00
Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root…
- risk 0.40cvss 6.1epss 0.00
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the…
- risk 0.33cvss —epss 0.00
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow…
- risk 0.31cvss 4.7epss 0.00
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php of the component Backend System Configuration Module. The manipulation of the argument Cj_Add/Cj_Edit results…
- CVE-2006-5257Oct 12, 2006risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
- CVE-2025-63551Nov 6, 2025risk 0.00cvss —epss 0.00
A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious…
- CVE-2025-4545May 11, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It…
- CVE-2023-48987Feb 14, 2024risk 0.00cvss —epss 0.01
Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component.
- CVE-2023-48986Feb 14, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.
- CVE-2023-48985Feb 14, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component.
- CVE-2022-47740Jan 19, 2023risk 0.00cvss —epss 0.01
Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.
- CVE-2021-25197Jul 22, 2021risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php
- CVE-2006-6110Nov 26, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp.