CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34852
https://notcve.org/view.php?id=CVE-2023-34852
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Las versiones anteriores a v4.0.202302 inclusive, de PublicCMS, son vulnerables a permisos inseguros. • https://github.com/funny-kill/CVE-2023-34852 https://github.com/funny-kill/CVE-2023-34852/blob/main/CVE-2023-34852.md https://github.com/sanluan/PublicCMS •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3950 – sanluan PublicCMS Tab dwz.min.js initLink cross site scripting
https://notcve.org/view.php?id=CVE-2022-3950
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. • https://github.com/sanluan/PublicCMS/commit/a972dc9b1c94aea2d84478bf26283904c21e4ca2 https://vuldb.com/?id.213456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27693
https://notcve.org/view.php?id=CVE-2021-27693
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. Una vulnerabilidad de tipo Server-side Request Forgery (SSRF) en PublicCMS versiones anteriores a 4.0.202011.b, por medio de /publiccms/admin/ueditor cuando la acción es catchimage • https://github.com/sanluan/PublicCMS/commit/0f4c4872914b6a71305e121a7d9a19c07cde0338 https://github.com/sanluan/PublicCMS/issues/51 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29784
https://notcve.org/view.php?id=CVE-2022-29784
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. PublicCMS versiones V4.0.202204.a y anteriores, contienen un filtrado de información por medio del componente /views/directive/sys/SysConfigDataDirective.java • https://github.com/JinYiTong/CVE-Req/blob/main/publiccms/publiccms.md https://github.com/sanluan/PublicCMS/commit/d8d7626cf51e4968fb384e1637a3c0c9921f33e9 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17368
https://notcve.org/view.php?id=CVE-2018-17368
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. Se ha descubierto un problema en PublicCMS V4.0.180825. Para un intento de inicio de sesión no válido, la longitud de la respuesta es diferente dependiendo de si el nombre de usuario es válido, lo que hace que sea más fácil realizar ataques de fuerza bruta. • https://github.com/sanluan/PublicCMS/issues/18 •