Vulnerabilities > Cmseasy > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2021-42644 Files or Directories Accessible to External Parties vulnerability in Cmseasy 7.7.520211012
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability.
network
low complexity
cmseasy CWE-552
6.5
6.5
2019-02-18 CVE-2019-8434 Cross-site Scripting vulnerability in Cmseasy 7.0
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
network
low complexity
cmseasy CWE-79
6.1
6.1
2019-02-18 CVE-2019-8432 Cross-site Scripting vulnerability in Cmseasy 7.0
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
network
low complexity
cmseasy CWE-79
6.1
6.1
2018-06-02 CVE-2018-11680 Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0
An issue was discovered in CmsEasy 6.1_20180508.
network
low complexity
cmseasy CWE-352
6.5
6.5