Vulnerabilities > Gelatocms

DATE	CVE	VULNERABILITY TITLE	RISK
2009-08-24	CVE-2008-7039	Cross-Site Scripting vulnerability in Gelatocms 0.95 Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. network gelatocms CWE-79	4.3
2008-08-14	CVE-2008-3675	Path Traversal vulnerability in Gelatocms 0.95 Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. network low complexity gelatocms CWE-22	5.0
2007-09-17	CVE-2007-4918	SQL Injection vulnerability in Gelatocms 0.90/0.95/Nil SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. network low complexity gelatocms CWE-89	7.5

Vulnerabilities > Gelatocms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Gelatocms"}]}