RSS   Vulnerabilities for 'S-cms'   RSS

2022-02-14
 
CVE-2022-23336

CWE-89
 

 
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.

 
2021-12-22
 
CVE-2020-20425

CWE-79
 

 
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

 
 
CVE-2020-20426

CWE-79
 

 
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.

 
2021-10-14
 
CVE-2020-19954

CWE-611
 

 
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.

 
2021-09-15
 
CVE-2020-19158

CWE-79
 

 
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

 
2021-08-31
 
CVE-2020-19046

CWE-79
 

 
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.

 
2021-07-30
 
CVE-2020-20698

CWE-862
 

 
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

 
 
CVE-2020-20699

CWE-79
 

 
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.

 
 
CVE-2020-20700

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.

 
 
CVE-2020-20701

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

 


Copyright 2024, cxsecurity.com

 

Back to Top