Vulnerabilities > Auracms > Auracms > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-06-05 | CVE-2014-3975 | Path Traversal vulnerability in Auracms 3.0 Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. | 5.0 |
| 2014-06-05 | CVE-2014-3974 | Cross-Site Scripting vulnerability in Auracms 3.0 Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. | 4.3 |