CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51252
https://notcve.org/view.php?id=CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. PublicCMS 4.0 es vulnerable a Cross Site Scripting (XSS). Debido a que se pueden cargar archivos y se proporciona la función de vista previa en línea, se cargan archivos pdf y archivos html que contienen código malicioso, y se crea una ventana emergente XSS a través de la visualización en línea. • https://github.com/sanluan/PublicCMS/issues/79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46990
https://notcve.org/view.php?id=CVE-2023-46990
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. La deserialización de datos no confiables en PublicCMS v.4.0.202302.e permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función writeReplace. • https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48204
https://notcve.org/view.php?id=CVE-2023-48204
An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. Un problema en PublicCMS v.4.0.202302.e permite a un atacante remoto obtener información confidencial a través del parámetro appToken y Parameters del componente api/method/getHtml. • https://github.com/sanluan/PublicCMS/issues/77 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34852
https://notcve.org/view.php?id=CVE-2023-34852
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Las versiones anteriores a v4.0.202302 inclusive, de PublicCMS, son vulnerables a permisos inseguros. • https://github.com/funny-kill/CVE-2023-34852 https://github.com/funny-kill/CVE-2023-34852/blob/main/CVE-2023-34852.md https://github.com/sanluan/PublicCMS •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20914
https://notcve.org/view.php?id=CVE-2020-20914
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. • https://github.com/sanluan/PublicCMS/issues/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •