Vulnerabilities > EVO

DATE CVE VULNERABILITY TITLE RISK
2023-10-19 CVE-2023-43340 Cross-site Scripting vulnerability in EVO Evolution CMS 3.2.3
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters
local
low complexity
evo CWE-79
5.2
2023-10-19 CVE-2023-43341 Cross-site Scripting vulnerability in EVO Evolution CMS 3.2.3
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.
network
low complexity
evo CWE-79
6.1
2021-07-26 CVE-2020-23238 Cross-site Scripting vulnerability in EVO Evolution CMS 2.0.2
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
network
evo CWE-79
3.5