Vulnerabilities > Clippercms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-13	CVE-2022-41495	Server-Side Request Forgery (SSRF) vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. network low complexity clippercms CWE-918 critical	9.8
2022-10-13	CVE-2022-41497	Server-Side Request Forgery (SSRF) vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. network low complexity clippercms CWE-918 critical	9.8
2019-08-15	CVE-2018-12101	Cross-site Scripting vulnerability in Clippercms 1.3.3 CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. network low complexity clippercms CWE-79	5.4
2018-11-21	CVE-2018-19424	Unrestricted Upload of File with Dangerous Type vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. network low complexity clippercms CWE-434	7.2
2018-11-11	CVE-2018-19135	Cross-Site Request Forgery (CSRF) vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). network low complexity clippercms CWE-352	8.8
2018-07-12	CVE-2018-13998	Cross-site Scripting vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. network low complexity clippercms CWE-79	4.8
2018-07-03	CVE-2018-13106	Cross-site Scripting vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. network low complexity clippercms CWE-79	4.8
2018-05-31	CVE-2018-11572	Cross-site Scripting vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. network low complexity clippercms CWE-79	5.4
2018-05-31	CVE-2018-11571	Session Fixation vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 allows Session Fixation. network low complexity clippercms CWE-384	8.8
2018-05-24	CVE-2018-11332	Cross-site Scripting vulnerability in Clippercms 1.3.3 Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. network low complexity clippercms CWE-79	4.8

Vulnerabilities > Clippercms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Clippercms"}]}

Vulnerabilities > Clippercms