Vulnerabilities > Cmsuno Project

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-11	CVE-2021-40889	Code Injection vulnerability in Cmsuno Project Cmsuno 1.7.2 CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. network low complexity cmsuno-project CWE-94 critical	9.8
2021-08-03	CVE-2021-36654	Cross-site Scripting vulnerability in Cmsuno Project Cmsuno 1.7 CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. network low complexity cmsuno-project CWE-79	5.4
2020-11-13	CVE-2020-25557	Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. network low complexity cmsuno-project CWE-94	8.8
2020-11-13	CVE-2020-25538	Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. network low complexity cmsuno-project CWE-94	8.8
2020-07-07	CVE-2020-15600	Cross-Site Request Forgery (CSRF) vulnerability in Cmsuno Project Cmsuno An issue was discovered in CMSUno before 1.6.1. network low complexity cmsuno-project CWE-352	6.5
2018-08-20	CVE-2018-15567	Cross-site Scripting vulnerability in Cmsuno Project Cmsuno CMSUno before 1.5.3 has XSS via the title field. network low complexity cmsuno-project CWE-79	6.1

Vulnerabilities > Cmsuno Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cmsuno Project"}]}