Vulnerabilities > Aerocms Project > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-29847 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php.
network
low complexity
aerocms-project CWE-79
5.4
5.4
2022-12-13 CVE-2022-46059 Cross-Site Request Forgery (CSRF) vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
aerocms-project CWE-352
6.5
6.5
2022-12-13 CVE-2022-46047 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
network
low complexity
aerocms-project CWE-89
4.9
4.9
2022-12-13 CVE-2022-46058 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php.
network
low complexity
aerocms-project CWE-79
4.8
4.8
2022-12-13 CVE-2022-46061 Improper Restriction of Rendered UI Layers or Frames vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to ClickJacking.
network
low complexity
aerocms-project CWE-1021
6.1
6.1
2022-11-22 CVE-2022-45529 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php.
network
low complexity
aerocms-project CWE-89
4.9
4.9
2022-11-22 CVE-2022-45535 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php.
network
low complexity
aerocms-project CWE-89
4.9
4.9
2022-11-22 CVE-2022-45536 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php.
network
low complexity
aerocms-project CWE-89
4.9
4.9
2022-04-08 CVE-2022-27061 Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel.
network
low complexity
aerocms-project CWE-434
6.5
6.5
2022-04-08 CVE-2022-27063 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. 		4.3
4.3