
CVE-2021-4270 – Imprint CMS ViewHelpers.cs SearchForm cross site scripting
https://notcve.org/view.php?id=CVE-2021-4270
21 Dec 2022 — A vulnerability was found in Imprint CMS. It has been classified as problematic. Affected is the function SearchForm of the file ImprintCMS/Models/ViewHelpers.cs. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/peders/Imprint-CMS/commit/6140b140ccd02b5e4e7d6ba013ac1225724487f4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVE-2022-4353 – LinZhaoguan pb-cms IpUtil.getIpAddr cross site scripting
https://notcve.org/view.php?id=CVE-2022-4353
08 Dec 2022 — A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/LinZhaoguan/pb-cms/issues/I52422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVE-2022-4354 – LinZhaoguan pb-cms Message Board comment cross site scripting
https://notcve.org/view.php?id=CVE-2022-4354
08 Dec 2022 — A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/LinZhaoguan/pb-cms/issues/I4XWJ7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVE-2021-35284
https://notcve.org/view.php?id=CVE-2021-35284
23 Nov 2022 — SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-42245 – Dreamer CMS 4.0.0 SQL Injection
https://notcve.org/view.php?id=CVE-2022-42245
17 Nov 2022 — Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Dreamer CMS version 4.0.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/171585 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-3943 – ForU CMS cms_chip.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3943
11 Nov 2022 — A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVE-2022-44244
https://notcve.org/view.php?id=CVE-2022-44244
09 Nov 2022 — An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. • https://gist.github.com/cai-niao98/58c97899695488bd73a73d56adf44c4c • CWE-287: Improper Authentication

CVE-2021-41731 – News247 News Magazine 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-41731
15 Sep 2022 — A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field. News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/168384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-37299
https://notcve.org/view.php?id=CVE-2022-37299
09 Sep 2022 — An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php. • https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-36529
https://notcve.org/view.php?id=CVE-2022-36529
26 Aug 2022 — Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. • https://github.com/seeyoui/kensite_cms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')