Vulnerabilities > Nucleuscms > Nucleus CMS

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2021-37770 Unrestricted Upload of File with Dangerous Type vulnerability in Nucleuscms Nucleus CMS 3.71
Nucleus CMS v3.71 is affected by a file upload vulnerability.
network
low complexity
nucleuscms CWE-434
6.5
6.5
2018-12-10 CVE-2018-16636 Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.70
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
network
low complexity
nucleuscms CWE-79
4.0
4.0
2015-07-08 CVE-2015-5454 Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.65/3.70
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
network
nucleuscms CWE-79
4.3
4.3
2011-09-24 CVE-2011-3760 Information Exposure vulnerability in Nucleuscms Nucleus CMS 3.61
Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files.
network
low complexity
nucleuscms CWE-200
5.0
5.0