Vendor CVEs
Siteserver
All CVEs
64 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-1966 | | Critical | 0.59 | 9.1 | 0.01 | | Apr 11, 2007 | Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. |
| CVE-2024-7729 | | High | 0.49 | 7.5 | 0.01 | | Aug 14, 2024 | The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. |
| CVE-2026-7435 | | High | 0.47 | 7.2 | 0.00 | | Apr 30, 2026 | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic… |
| CVE-2024-7728 | | High | 0.47 | 7.2 | 0.01 | | Aug 14, 2024 | The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server. |
| CVE-2024-9294 | | Medium | 0.41 | 6.3 | 0.00 | | Sep 27, 2024 | A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection.… |
| CVE-2024-8303 | | Medium | 0.41 | 6.3 | 0.00 | | Aug 29, 2024 | A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate… |
| CVE-2024-29023 | | High | 0.40 | 7.2 | 0.01 | | Apr 12, 2024 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session.… |
| CVE-2015-8376 | | Medium | 0.40 | 6.1 | 0.01 | | Jan 8, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1. |
| CVE-2024-12907 | | Medium | 0.34 | — | 0.00 | | Jan 2, 2025 | Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not… |
| CVE-2026-7429 | | Medium | 0.30 | 4.6 | 0.00 | | Apr 30, 2026 | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can… |
| CVE-2020-24223 | | | 0.04 | — | 0.15 | | Aug 30, 2020 | Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. |
| CVE-2006-4963 | | | 0.04 | — | 0.07 | | Sep 23, 2006 | Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code… |
| CVE-2013-4952 | | | 0.03 | — | 0.01 | | Jul 29, 2013 | SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-5293 | | | 0.03 | — | 0.03 | | Oct 4, 2012 | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to… |
| CVE-2010-2674 | | | 0.03 | — | 0.01 | | Jul 8, 2010 | SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. |
| CVE-2010-2358 | | | 0.03 | — | 0.03 | | Jun 21, 2010 | PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of… |
| CVE-2009-4876 | | | 0.03 | — | 0.02 | | May 26, 2010 | admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter. |
| CVE-2010-2047 | | | 0.03 | — | 0.01 | | May 25, 2010 | SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information. |
| CVE-2009-4723 | | | 0.03 | — | 0.02 | | Mar 18, 2010 | Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
| CVE-2009-4156 | | | 0.03 | — | 0.02 | | Dec 2, 2009 | PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter. |
| CVE-2009-3514 | | | 0.03 | — | 0.01 | | Oct 1, 2009 | Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a… |
| CVE-2009-2402 | | | 0.03 | — | 0.01 | | Jul 9, 2009 | SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. |
| CVE-2009-2401 | | | 0.03 | — | 0.01 | | Jul 9, 2009 | Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. |
| CVE-2007-3214 | | | 0.03 | — | 0.01 | | Jun 14, 2007 | SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. |
| CVE-2007-2685 | | | 0.03 | — | 0.01 | | May 21, 2007 | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. |
| CVE-2006-4559 | | | 0.03 | — | 0.05 | | Sep 6, 2006 | Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3)… |
| CVE-2005-4317 | | | 0.03 | — | 0.05 | | Dec 17, 2005 | Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2)… |
| CVE-2025-25967 | | | 0.00 | — | 0.01 | | Mar 3, 2025 | Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of… |
| CVE-2024-53477 | | | 0.00 | — | 0.01 | | Dec 2, 2024 | JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java |
| CVE-2024-48191 | | | 0.00 | — | 0.00 | | Oct 28, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 |
| CVE-2024-48291 | | | 0.00 | — | 0.00 | | Oct 28, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17 |
| CVE-2024-48758 | | | 0.00 | — | 0.00 | | Oct 16, 2024 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code |
| CVE-2024-46485 | | | 0.00 | — | 0.00 | | Sep 25, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate |
| CVE-2024-46600 | | | 0.00 | — | 0.00 | | Sep 25, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31 |
| CVE-2024-8652 | | | 0.00 | — | 0.00 | | Sep 19, 2024 | A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ .… |
| CVE-2024-8302 | | | 0.00 | — | 0.01 | | Aug 29, 2024 | A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The… |
| CVE-2024-42611 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete |
| CVE-2024-42612 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add |
| CVE-2024-42607 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database |
| CVE-2024-32418 | | | 0.00 | — | 0.01 | | Apr 22, 2024 | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. |
| CVE-2024-32343 | | | 0.00 | — | 0.00 | | Apr 17, 2024 | A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. |
| CVE-2024-30614 | | | 0.00 | — | 0.00 | | Apr 12, 2024 | An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. |
| CVE-2023-2862 | | | 0.00 | — | 0.01 | | May 24, 2023 | A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack… |
| CVE-2022-44298 | | | 0.00 | — | 0.01 | | Jan 27, 2023 | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. |
| CVE-2022-44297 | | | 0.00 | — | 0.01 | | Jan 26, 2023 | SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. |
| CVE-2022-36226 | | | 0.00 | — | 0.01 | | Aug 25, 2022 | SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. |
| CVE-2020-35597 | | | 0.00 | — | 0.01 | | Jun 16, 2022 | Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. |
| CVE-2021-42655 | | | 0.00 | — | 0.01 | | May 24, 2022 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. |
| CVE-2021-42654 | | | 0.00 | — | 0.02 | | May 24, 2022 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. |
| CVE-2020-28960 | | | 0.00 | — | 0.02 | | Oct 22, 2021 | Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters. |
Page 1 of 2