Vulnerabilities > Bagesoft > Bagecms > 3.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-37122 Cross-site Scripting vulnerability in Bagesoft Bagecms 3.1.0
A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.
network
low complexity
bagesoft CWE-79
5.4
5.4
2019-02-17 CVE-2019-8421 SQL Injection vulnerability in Bagesoft Bagecms 3.1.0/3.1.3/3.1.4
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
network
low complexity
bagesoft CWE-89
7.2
7.2