Vulnerabilities > Nucleuscms > Nucleus CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-30 | CVE-2021-37770 | Unrestricted Upload of File with Dangerous Type vulnerability in Nucleuscms Nucleus CMS 3.71 Nucleus CMS v3.71 is affected by a file upload vulnerability. | 6.5 |
2018-12-10 | CVE-2018-16636 | Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.70 Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. | 4.0 |
2015-07-08 | CVE-2015-5454 | Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.65/3.70 Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. | 4.3 |
2011-09-24 | CVE-2011-3760 | Information Exposure vulnerability in Nucleuscms Nucleus CMS 3.61 Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files. | 5.0 |