Vulnerabilities > Cuppacms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-37191 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. | 6.5 |
| 2022-09-12 | CVE-2022-38295 | Cross-site Scripting vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. | 6.1 |
| 2022-03-15 | CVE-2022-25497 | Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | 5.3 |
| 2018-12-31 | CVE-2018-19918 | Cross-site Scripting vulnerability in Cuppacms CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | 5.4 |
| 2018-09-21 | CVE-2018-17300 | Cross-site Scripting vulnerability in Cuppacms Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | 4.8 |