Vulnerabilities > Clippercms

DATE CVE VULNERABILITY TITLE RISK
2022-10-13 CVE-2022-41495 Server-Side Request Forgery (SSRF) vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.
network
low complexity
clippercms CWE-918
critical
9.8
2022-10-13 CVE-2022-41497 Server-Side Request Forgery (SSRF) vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.
network
low complexity
clippercms CWE-918
critical
9.8
2019-08-15 CVE-2018-12101 Cross-site Scripting vulnerability in Clippercms 1.3.3
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
network
clippercms CWE-79
3.5
2018-11-21 CVE-2018-19424 Unrestricted Upload of File with Dangerous Type vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
network
low complexity
clippercms CWE-434
6.5
2018-11-11 CVE-2018-19135 Cross-Site Request Forgery (CSRF) vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default).
6.8
2018-07-12 CVE-2018-13998 Cross-site Scripting vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.
network
clippercms CWE-79
3.5
2018-07-03 CVE-2018-13106 Cross-site Scripting vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.
network
clippercms CWE-79
3.5
2018-05-31 CVE-2018-11572 Cross-site Scripting vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.
network
clippercms CWE-79
3.5
2018-05-31 CVE-2018-11571 Session Fixation vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 allows Session Fixation.
6.8
2018-05-24 CVE-2018-11332 Cross-site Scripting vulnerability in Clippercms 1.3.3
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
network
clippercms CWE-79
3.5