CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51252
https://notcve.org/view.php?id=CVE-2023-51252
10 Jan 2024 — PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. PublicCMS 4.0 es vulnerable a Cross Site Scripting (XSS). Debido a que se pueden cargar archivos y se proporciona la función de vista previa en línea, se cargan archivos pdf y archivos html que contienen código malicioso, y se crea una ventana emergente XSS a t... • https://github.com/sanluan/PublicCMS/issues/79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46990
https://notcve.org/view.php?id=CVE-2023-46990
20 Nov 2023 — Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. La deserialización de datos no confiables en PublicCMS v.4.0.202302.e permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función writeReplace. • https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48204
https://notcve.org/view.php?id=CVE-2023-48204
15 Nov 2023 — An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. Un problema en PublicCMS v.4.0.202302.e permite a un atacante remoto obtener información confidencial a través del parámetro appToken y Parameters del componente api/method/getHtml. • https://github.com/sanluan/PublicCMS/issues/77 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34852
https://notcve.org/view.php?id=CVE-2023-34852
15 Jun 2023 — PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Las versiones anteriores a v4.0.202302 inclusive, de PublicCMS, son vulnerables a permisos inseguros. • https://github.com/funny-kill/CVE-2023-34852 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20915
https://notcve.org/view.php?id=CVE-2020-20915
04 Apr 2023 — SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. • https://github.com/sanluan/PublicCMS/issues/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20914
https://notcve.org/view.php?id=CVE-2020-20914
04 Apr 2023 — SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. • https://github.com/sanluan/PublicCMS/issues/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3950 – sanluan PublicCMS Tab dwz.min.js initLink cross site scripting
https://notcve.org/view.php?id=CVE-2022-3950
11 Nov 2022 — A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. • https://github.com/sanluan/PublicCMS/commit/a972dc9b1c94aea2d84478bf26283904c21e4ca2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27693
https://notcve.org/view.php?id=CVE-2021-27693
02 Sep 2022 — Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. Una vulnerabilidad de tipo Server-side Request Forgery (SSRF) en PublicCMS versiones anteriores a 4.0.202011.b, por medio de /publiccms/admin/ueditor cuando la acción es catchimage • https://github.com/sanluan/PublicCMS/commit/0f4c4872914b6a71305e121a7d9a19c07cde0338 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29784
https://notcve.org/view.php?id=CVE-2022-29784
03 Jun 2022 — PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. PublicCMS versiones V4.0.202204.a y anteriores, contienen un filtrado de información por medio del componente /views/directive/sys/SysConfigDataDirective.java • https://github.com/JinYiTong/CVE-Req/blob/main/publiccms/publiccms.md •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23389
https://notcve.org/view.php?id=CVE-2022-23389
14 Feb 2022 — PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. Se ha detectado que PublicCMS versión v4.0 contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del parámetro cmdarray • https://github.com/sanluan/PublicCMS/issues/59 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •