Vulnerabilities > Gilacms > Gila CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-7657 | Cross-site Scripting vulnerability in Gilacms Gila CMS 1.10.9 A vulnerability classified as problematic was found in Gila CMS 1.10.9. | 5.4 |
| 2023-08-11 | CVE-2020-20523 | Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.3 Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. | 6.1 |
| 2021-10-04 | CVE-2021-39486 | Cross-site Scripting vulnerability in Gilacms Gila CMS 2.2.0 A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. | 5.4 |
| 2021-09-27 | CVE-2020-20695 | Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.4 A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | 5.4 |
| 2021-09-27 | CVE-2020-20696 | Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.4 A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | 5.4 |
| 2020-05-21 | CVE-2019-20803 | Cross-site Scripting vulnerability in Gilacms Gila CMS Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. | 6.1 |
| 2020-01-06 | CVE-2020-5513 | Path Traversal vulnerability in Gilacms Gila CMS 1.11.8 Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | 6.8 |
| 2020-01-06 | CVE-2020-5512 | Path Traversal vulnerability in Gilacms Gila CMS 1.11.8 Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | 6.8 |
| 2019-10-13 | CVE-2019-17536 | Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. | 4.9 |
| 2019-10-13 | CVE-2019-17535 | Cross-site Scripting vulnerability in Gilacms Gila CMS Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | 6.1 |