Vulnerabilities > Cmseasy

DATE CVE VULNERABILITY TITLE RISK
2024-01-14 CVE-2024-0523 Unspecified vulnerability in Cmseasy
A vulnerability was found in CmsEasy up to 7.7.7.
network
low complexity
cmseasy
critical
9.8
2023-06-27 CVE-2020-18406 Insufficiently Protected Credentials vulnerability in Cmseasy 7.0
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
network
low complexity
cmseasy CWE-522
7.5
2023-06-15 CVE-2023-34880 Path Traversal vulnerability in Cmseasy 7.7.7.7
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php.
network
low complexity
cmseasy CWE-22
critical
9.8
2022-05-17 CVE-2021-42643 Path Traversal vulnerability in Cmseasy 7.7.520211012
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability.
network
low complexity
cmseasy CWE-22
8.8
2022-05-17 CVE-2021-42644 Files or Directories Accessible to External Parties vulnerability in Cmseasy 7.7.520211012
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability.
network
low complexity
cmseasy CWE-552
6.5
2019-02-18 CVE-2019-8434 Cross-site Scripting vulnerability in Cmseasy 7.0
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
network
low complexity
cmseasy CWE-79
6.1
2019-02-18 CVE-2019-8432 Cross-site Scripting vulnerability in Cmseasy 7.0
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
network
low complexity
cmseasy CWE-79
6.1
2018-06-02 CVE-2018-11680 Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0
An issue was discovered in CmsEasy 6.1_20180508.
network
low complexity
cmseasy CWE-352
6.5
2018-06-02 CVE-2018-11679 Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0
An issue was discovered in CmsEasy 6.1_20180508.
network
low complexity
cmseasy CWE-352
8.8