VYPR

Vendor CVEs

Siteserver

All CVEs

64 total · sorted by risk
  • CVE-2007-1966 · Critical · Apr 11, 2007
    risk 0.59 · cvss 9.1 · epss 0.01

    Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

  • CVE-2024-7729 · High · Aug 14, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.

  • CVE-2026-7435 · High · Apr 30, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic…

  • CVE-2024-7728 · High · Aug 14, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

  • CVE-2024-9294 · Medium · Sep 27, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection.…

  • CVE-2024-8303 · Medium · Aug 29, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate…

  • CVE-2024-29023 · High · Apr 12, 2024
    risk 0.40 · cvss 7.2 · epss 0.01

    Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session.…

  • CVE-2015-8376 · Medium · Jan 8, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1.

  • CVE-2024-12907 · Medium · Jan 2, 2025
    risk 0.34 · cvss n/a · epss 0.00

    Kentico CMS in version 7 is vulnerable to Reflected XSS attacks through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not…

  • CVE-2026-7429 · Medium · Apr 30, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can…

  • CVE-2020-24223 · Aug 30, 2020
    risk 0.04 · cvss n/a · epss 0.15

    Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.

  • CVE-2006-4963 · Sep 23, 2006
    risk 0.04 · cvss n/a · epss 0.07

    Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code…

  • CVE-2013-4952 · Jul 29, 2013
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2012-5293 · Oct 4, 2012
    risk 0.03 · cvss n/a · epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to…

  • CVE-2010-2674 · Jul 8, 2010
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.

  • CVE-2010-2358 · Jun 21, 2010
    risk 0.03 · cvss n/a · epss 0.03

    PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of…

  • CVE-2009-4876 · May 26, 2010
    risk 0.03 · cvss n/a · epss 0.02

    admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter.

  • CVE-2010-2047 · May 25, 2010
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.

  • CVE-2009-4723 · Mar 18, 2010
    risk 0.03 · cvss n/a · epss 0.02

    Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

  • CVE-2009-4156 · Dec 2, 2009
    risk 0.03 · cvss n/a · epss 0.02

    PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.

  • CVE-2009-3514 · Oct 1, 2009
    risk 0.03 · cvss n/a · epss 0.01

    Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a…

  • CVE-2009-2402 · Jul 9, 2009
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.

  • CVE-2009-2401 · Jul 9, 2009
    risk 0.03 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.

  • CVE-2007-3214 · Jun 14, 2007
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.

  • CVE-2007-2685 · May 21, 2007
    risk 0.03 · cvss n/a · epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.

  • CVE-2006-4559 · Sep 6, 2006
    risk 0.03 · cvss n/a · epss 0.05

    Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3)…

  • CVE-2005-4317 · Dec 17, 2005
    risk 0.03 · cvss n/a · epss 0.05

    Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2)…

  • CVE-2025-25967 · Mar 3, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of…

  • CVE-2024-53477 · Dec 2, 2024
    risk 0.00 · cvss n/a · epss 0.01

    JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java

  • CVE-2024-48191 · Oct 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17

  • CVE-2024-48291 · Oct 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17

  • CVE-2024-48758 · Oct 16, 2024
    risk 0.00 · cvss n/a · epss 0.00

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code

  • CVE-2024-46485 · Sep 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate

  • CVE-2024-46600 · Sep 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31

  • CVE-2024-8652 · Sep 19, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor: https://netcat.ru/ …

  • CVE-2024-8302 · Aug 29, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The…

  • CVE-2024-42611 · Aug 20, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete

  • CVE-2024-42612 · Aug 20, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add

  • CVE-2024-42607 · Aug 20, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database

  • CVE-2024-32418 · Apr 22, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.

  • CVE-2024-32343 · Apr 17, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.

  • CVE-2024-30614 · Apr 12, 2024
    risk 0.00 · cvss n/a · epss 0.00

    An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.

  • CVE-2023-2862 · May 24, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack…

  • CVE-2022-44298 · Jan 27, 2023
    risk 0.00 · cvss n/a · epss 0.01

    SiteServer CMS 7.1.3 is vulnerable to SQL Injection.

  • CVE-2022-44297 · Jan 26, 2023
    risk 0.00 · cvss n/a · epss 0.01

    SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.

  • CVE-2022-36226 · Aug 25, 2022
    risk 0.00 · cvss n/a · epss 0.01

    SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.

  • CVE-2020-35597 · Jun 16, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

  • CVE-2021-42655 · May 24, 2022
    risk 0.00 · cvss n/a · epss 0.01

    SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

  • CVE-2021-42654 · May 24, 2022
    risk 0.00 · cvss n/a · epss 0.02

    SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.

  • CVE-2020-28960 · Oct 22, 2021
    risk 0.00 · cvss n/a · epss 0.02

    Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.

Page 1 of 2