Vulnerabilities for S-cms (...) - CXSECURITY.COM

Vulnerabilities for 'S-cms'

2022-02-14

CVE-2022-23336

CWE-89

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.

2021-12-22

CVE-2020-20425

CWE-79

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

CVE-2020-20426

CWE-79

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.

2021-10-14

CVE-2020-19954

CWE-611

An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.

2021-09-15

CVE-2020-19158

CWE-79

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

2021-08-31

CVE-2020-19046

CWE-79

Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.

2021-07-30

CVE-2020-20698

CWE-862

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

CVE-2020-20699

CWE-79

A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.

CVE-2020-20700

CWE-79

A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.

CVE-2020-20701

CWE-79

A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Copyright 2024, cxsecurity.com