VYPR
Vendor

Boiteasite

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2023-51468CriDec 29, 2023
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

  • CVE-2023-51470CriDec 29, 2023
    risk 0.64cvss 9.9epss 0.01

    Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1.

  • CVE-2018-15567MedAug 20, 2018
    risk 0.33cvss 6.1epss 0.01

    CMSUno before 1.5.3 has XSS via the title field.

  • CVE-2021-36654Aug 3, 2021
    risk 0.03cvss epss 0.02

    CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.

  • CVE-2020-25538Nov 13, 2020
    risk 0.03cvss epss 0.10

    An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

  • CVE-2020-15600Jul 7, 2020
    risk 0.03cvss epss 0.02

    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

  • CVE-2021-40889Oct 11, 2021
    risk 0.00cvss epss 0.02

    CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject…