VYPR
Vendor

Sheer Vision Technologies

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2026-7435HigApr 30, 2026
    risk 0.47cvss 7.2epss 0.00

    SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic…

  • CVE-2026-4234MedMar 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The…

  • CVE-2026-4542MedMar 22, 2026
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from…

  • CVE-2026-7429MedApr 30, 2026
    risk 0.30cvss 4.6epss 0.00

    SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can…

  • CVE-2026-4222LowMar 16, 2026
    risk 0.25cvss 3.8epss 0.00

    A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is…

  • CVE-2025-52237Aug 5, 2025
    risk 0.00cvss epss 0.00

    An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.

  • CVE-2025-45529May 27, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.

  • CVE-2023-43952Oct 3, 2023
    risk 0.00cvss epss 0.00

    SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.

  • CVE-2023-43953Oct 3, 2023
    risk 0.00cvss epss 0.00

    SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.

  • CVE-2006-1405Mar 28, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.