
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.

• https://mechaneus.github.io/CVE-2023-48202.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1 allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.

• https://mechaneus.github.io/CVE-2023-48201.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 16% • CPEs: 1 • EXPL: 2

Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.

• https://www.exploit-db.com/exploits/3953
• http://osvdb.org/36227
• http://osvdb.org/36228
• http://secunia.com/advisories/25366
• http://www.securityfocus.com/bid/24062
• http://www.vupen.com/english/advisories/2007/1885
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34393