CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51252
https://notcve.org/view.php?id=CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. PublicCMS 4.0 es vulnerable a Cross Site Scripting (XSS). Debido a que se pueden cargar archivos y se proporciona la función de vista previa en línea, se cargan archivos pdf y archivos html que contienen código malicioso, y se crea una ventana emergente XSS a través de la visualización en línea. • https://github.com/sanluan/PublicCMS/issues/79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34852
https://notcve.org/view.php?id=CVE-2023-34852
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Las versiones anteriores a v4.0.202302 inclusive, de PublicCMS, son vulnerables a permisos inseguros. • https://github.com/funny-kill/CVE-2023-34852 https://github.com/funny-kill/CVE-2023-34852/blob/main/CVE-2023-34852.md https://github.com/sanluan/PublicCMS •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20914
https://notcve.org/view.php?id=CVE-2020-20914
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. • https://github.com/sanluan/PublicCMS/issues/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20915
https://notcve.org/view.php?id=CVE-2020-20915
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. • https://github.com/sanluan/PublicCMS/issues/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3950 – sanluan PublicCMS Tab dwz.min.js initLink cross site scripting
https://notcve.org/view.php?id=CVE-2022-3950
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. • https://github.com/sanluan/PublicCMS/commit/a972dc9b1c94aea2d84478bf26283904c21e4ca2 https://vuldb.com/?id.213456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •