DiliCMS
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19291 | Med | 0.42 | 6.5 | 0.01 | Nov 15, 2018 | An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | ||
| CVE-2018-18210 | Med | 0.40 | 6.1 | 0.01 | Oct 10, 2018 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | ||
| CVE-2018-18209 | Med | 0.40 | 6.1 | 0.01 | Oct 10, 2018 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | ||
| CVE-2019-8439 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2019 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | ||
| CVE-2019-8440 | Med | 0.31 | 4.8 | 0.01 | Mar 7, 2019 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | ||
| CVE-2019-8438 | Med | 0.31 | 4.8 | 0.01 | Mar 7, 2019 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. |
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
- risk 0.40cvss 6.1epss 0.01
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.
- risk 0.40cvss 6.1epss 0.01
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.