Vulnerabilities > Publiccms

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-51252 Cross-site Scripting vulnerability in Publiccms 4.0
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
publiccms CWE-79
5.4
2023-11-20 CVE-2023-46990 Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
network
low complexity
publiccms CWE-502
critical
9.8
2023-11-16 CVE-2023-48204 Server-Side Request Forgery (SSRF) vulnerability in Publiccms 4.0.202302.E
An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.
network
low complexity
publiccms CWE-918
6.5
2023-06-15 CVE-2023-34852 Unspecified vulnerability in Publiccms
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
network
low complexity
publiccms
critical
9.8
2022-11-11 CVE-2022-3950 Cross-site Scripting vulnerability in Publiccms
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS.
network
low complexity
publiccms CWE-79
6.1
2022-06-03 CVE-2022-29784 Unspecified vulnerability in Publiccms
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.
network
low complexity
publiccms
5.3
2022-02-14 CVE-2022-23389 OS Command Injection vulnerability in Publiccms 4.0
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
network
low complexity
publiccms CWE-78
critical
9.8
2021-09-15 CVE-2021-40881 Unspecified vulnerability in Publiccms 4.0
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.
network
low complexity
publiccms
7.5
2021-07-09 CVE-2020-21333 Cross-site Scripting vulnerability in Publiccms 4.0
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
network
publiccms CWE-79
3.5
2018-11-04 CVE-2018-18927 Cross-site Scripting vulnerability in Publiccms 4.0
An issue was discovered in PublicCMS V4.0.
network
publiccms CWE-79
3.5