Vulnerabilities > Phpcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-15 | CVE-2021-40910 | Cross-site Scripting vulnerability in PHPcms 9.6.3 There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | 4.3 |
| 2021-06-16 | CVE-2020-22200 | Path Traversal vulnerability in PHPcms 9.1.13 Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. | 5.0 |
| 2018-08-05 | CVE-2018-14940 | Resource Exhaustion vulnerability in PHPcms 9.0 PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. | 5.0 |
| 2014-05-14 | CVE-2013-5939 | Cross-Site Scripting vulnerability in PHPcms Guesbook Module Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php. | 4.3 |
| 2005-06-02 | CVE-2005-1840 | Directory Traversal vulnerability in phpCMS Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. | 5.0 |
| 2005-01-10 | CVE-2004-1203 | Information Disclosure vulnerability in PHPcms 1.1.9/1.2.0/1.2.1 parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path. | 5.0 |
| 2005-01-10 | CVE-2004-1202 | Cross-Site Scripting vulnerability in PHPcms 1.1.9/1.2/1.2.1 Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter. network phpcms | 6.8 |