Vulnerabilities > Gleezcms

DATE CVE VULNERABILITY TITLE RISK
2018-09-02 CVE-2018-16347 Cross-site Scripting vulnerability in Gleezcms Gleez CMS 1.2.0
An issue was discovered in Gleez CMS v1.2.0.
network
low complexity
gleezcms CWE-79
6.1
2018-08-25 CVE-2018-15845 Cross-Site Request Forgery (CSRF) vulnerability in Gleezcms Gleez CMS 1.2.0
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
network
low complexity
gleezcms CWE-352
8.8
2018-04-05 CVE-2018-7035 Cross-site Scripting vulnerability in Gleezcms Gleez CMS 1.2.0/2.0
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
network
low complexity
gleezcms CWE-79
5.4