Vendor CVEs
Siteserver
All CVEs
64 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20122 | | | 0.00 | — | 0.01 | | Sep 28, 2021 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. |
| CVE-2020-19155 | | | 0.00 | — | 0.07 | | Sep 15, 2021 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. |
| CVE-2020-19154 | | | 0.00 | — | 0.04 | | Sep 15, 2021 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. |
| CVE-2020-19148 | | | 0.00 | — | 0.01 | | Sep 15, 2021 | Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. |
| CVE-2020-19146 | | | 0.00 | — | 0.02 | | Sep 15, 2021 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. |
| CVE-2020-21976 | | | 0.00 | — | 0.02 | | Aug 11, 2021 | An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. |
| CVE-2020-23715 | | | 0.00 | — | 0.02 | | Jun 28, 2021 | Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. |
| CVE-2020-23962 | | | 0.00 | — | 0.01 | | Jun 23, 2021 | A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter. |
| CVE-2020-35126 | | | 0.00 | — | 0.01 | | Dec 11, 2020 | Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy." |
| CVE-2020-26042 | | | 0.00 | — | 0.01 | | Sep 29, 2020 | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php. |
| CVE-2019-11401 | | | 0.00 | — | 0.03 | | Apr 21, 2019 | An issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted. |
| CVE-2019-9110 | | | 0.00 | — | 0.01 | | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. |
| CVE-2007-1965 | | | 0.00 | — | 0.01 | | Apr 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. |
| CVE-2006-4738 | | | 0.00 | — | 0.01 | | Sep 13, 2006 | PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270. |