Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Clippercms'
2019-08-15
CVE-2018-12101
CWE-79
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
2018-11-21
CVE-2018-19424
CWE-434
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
2018-11-10
CVE-2018-19135
CWE-352
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
2018-07-12
CVE-2018-13998
CWE-79
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.
2018-07-03
CVE-2018-13106
CWE-79
ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.
2018-05-30
CVE-2018-11572
CWE-79
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.
CVE-2018-11571
CWE-384
ClipperCMS 1.3.3 allows Session Fixation.
2018-05-24
CVE-2018-11332
CWE-79
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Clippercms' 