CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4377 – S-CMS Contact Information Page cross site scripting
https://notcve.org/view.php?id=CVE-2022-4377
09 Dec 2022 — A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. • https://github.com/mengdeyin/main/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23336
https://notcve.org/view.php?id=CVE-2022-23336
14 Feb 2022 — S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. Se ha detectado que S-CMS versión v5.0, contiene una vulnerabilidad de inyección SQL en el archivo member_pay.php por medio del parámetro O_id • http://note.youdao.com/noteshare?id=30c7cdeac5c7611fdf64379eb4569269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20426
https://notcve.org/view.php?id=CVE-2020-20426
22 Dec 2021 — S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. S-CMS Government Station Building System versión v5.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo /function/booksave.php • http://government.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20425
https://notcve.org/view.php?id=CVE-2020-20425
22 Dec 2021 — S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. S-CMS Government Station Building System versión v5.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en la función search • http://government.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19954
https://notcve.org/view.php?id=CVE-2020-19954
14 Oct 2021 — An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. Se ha detectado una vulnerabilidad de tipo XML External Entity (XXE) en el archivo /api/notify.php en S-CMS versión 3.0, que permite a atacantes leer archivos arbitrarios • https://github.com/zhuxianjin/vuln_repo/blob/master/S-CMS%20v3.0%20XXE%20Arbitrary%20File%20Read%20Vulnerability.md • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-19158
https://notcve.org/view.php?id=CVE-2020-19158
15 Sep 2021 — Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en S-CMS versiones build 20191014 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio del parámetro "Site Title" del componente "/data/admin/#/app/config/" • https://github.com/TL-swallow/swallow/blob/master/S-CMS%20XSS1.docx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20340
https://notcve.org/view.php?id=CVE-2020-20340
01 Sep 2021 — A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. Una vulnerabilidad de inyección SQL en el componente 4.edu.php\conn\function.php de S-CMS versión v1.0, permite a atacantes acceder a información confidencial de la base de datos • https://github.com/mntn0x/POC/blob/master/S-CMS/S-CMS-SQL%E6%B3%A8%E5%85%A5.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19046
https://notcve.org/view.php?id=CVE-2020-19046
31 Aug 2021 — Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en S-CMS versión v1.0, permite a atacantes remotos ejecutar código arbitrario por medio del componente "/admin/tpl.php?page=" • https://github.com/Aoyanm/audit/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20701
https://notcve.org/view.php?id=CVE-2020-20701
27 Jul 2021 — A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en /app/config/de S-CMS PHP versión v3.0 permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada • https://github.com/Peithon/site_XSS/blob/master/readme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20700
https://notcve.org/view.php?id=CVE-2020-20700
27 Jul 2021 — A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en /app/form_add/de S-CMS PHP versión v3.0, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el cuadro de texto Title Entry • https://github.com/Peithon/recycle_XSS/blob/master/readme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •