CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2021 — Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. • https://github.com/luuthehienhbit/LFI-Vulnerability-Webport-CMS-version-1.19.10.17121/blob/master/README.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 May 2021 — An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. • https://github.com/dignajar/gris/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

02 Dec 2020 — The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. • https://github.com/BigTiger2020/Victor-CMS-/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Oct 2020 — A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. • https://github.com/VictorAlagwu/CMSsite/issues/14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 1

17 Sep 2020 — The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. • https://github.com/inunosinsi/soycms/pull/15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

27 Aug 2020 — KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter. • https://packetstormsecurity.com/files/157049/KandNconcepts-Club-CMS-1.1-1.2-Cross-Site-Scripting-SQL-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

27 Aug 2020 — KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. • https://packetstormsecurity.com/files/157049/KandNconcepts-Club-CMS-1.1-1.2-Cross-Site-Scripting-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Aug 2020 — There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). • https://github.com/jberger/Galileo/pull/55/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 20% • CPEs: 1 • EXPL: 4

03 Aug 2020 — Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. Mara CMS version 7.5 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/158728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Jul 2020 — Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. • https://www.exploit-db.com/exploits/48626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')