Vulnerabilities > Bagesoft

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-06	CVE-2023-37122	Cross-site Scripting vulnerability in Bagesoft Bagecms 3.1.0 A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. network low complexity bagesoft CWE-79	5.4
2019-02-17	CVE-2019-8421	SQL Injection vulnerability in Bagesoft Bagecms 3.1.3/3.1.4 upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. network low complexity bagesoft CWE-89	6.5
2018-11-26	CVE-2018-19560	Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3 BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. network bagesoft CWE-352 critical	9.3
2018-11-08	CVE-2018-19104	Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3 In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. network bagesoft CWE-352	6.8
2018-10-11	CVE-2018-18258	Code Injection vulnerability in Bagesoft Bagecms 3.1.3 An issue was discovered in BageCMS 3.1.3. network low complexity bagesoft CWE-94	7.5
2018-10-11	CVE-2018-18257	Path Traversal vulnerability in Bagesoft Bagecms 3.1.3 An issue was discovered in BageCMS 3.1.3. network low complexity bagesoft CWE-22	6.4
2018-07-24	CVE-2018-14582	Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3 index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. network bagesoft CWE-352	6.8

Vulnerabilities > Bagesoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bagesoft"}]}

Vulnerabilities > Bagesoft