Siteserver

All CVEs

64 total · sorted by risk
  • CVE-2020-20122 · Sep 28, 2021
    risk 0.00 · cvss · epss 0.01

    Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

  • CVE-2020-19155 · Sep 15, 2021
    risk 0.00 · cvss · epss 0.07

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2020-19154 · Sep 15, 2021
    risk 0.00 · cvss · epss 0.04

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2020-19148 · Sep 15, 2021
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.

  • CVE-2020-19146 · Sep 15, 2021
    risk 0.00 · cvss · epss 0.02

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.

  • CVE-2020-21976 · Aug 11, 2021
    risk 0.00 · cvss · epss 0.02

    An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to upload a webshell and execute arbitrary commands.

  • CVE-2020-23715 · Jun 28, 2021
    risk 0.00 · cvss · epss 0.02

    Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.

  • CVE-2020-23962 · Jun 23, 2021
    risk 0.00 · cvss · epss 0.01

    A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter.

  • CVE-2020-35126 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."

  • CVE-2020-26042 · Sep 29, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php.

  • CVE-2019-11401 · Apr 21, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

  • CVE-2019-9110 · Feb 25, 2019
    risk 0.00 · cvss · epss 0.01

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.

  • CVE-2007-1965 · Apr 11, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.

  • CVE-2006-4738 · Sep 13, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.

Page 2 of 2