Vulnerabilities > S CMS

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2020-19954 XXE vulnerability in S-Cms 3.0
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
network
low complexity
s-cms CWE-611
5.0
2021-09-27 CVE-2021-37270 Missing Authorization vulnerability in S-Cms CMS Enterprise Website Construction System 5.0
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0.
network
low complexity
s-cms CWE-862
critical
10.0
2021-09-15 CVE-2020-19158 Cross-site Scripting vulnerability in S-Cms 20191014
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
network
s-cms CWE-79
3.5
2021-09-01 CVE-2020-20340 SQL Injection vulnerability in S-Cms 1.0
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
network
low complexity
s-cms CWE-89
5.0
2021-08-31 CVE-2020-19046 Cross-site Scripting vulnerability in S-Cms 1.0
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
network
s-cms CWE-79
3.5
2021-07-30 CVE-2020-20698 Missing Authorization vulnerability in S-Cms 3.0
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
network
low complexity
s-cms CWE-862
6.5
2021-07-30 CVE-2020-20699 Cross-site Scripting vulnerability in S-Cms 3.0
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
network
s-cms CWE-79
3.5
2021-07-30 CVE-2020-20700 Cross-site Scripting vulnerability in S-Cms 3.0
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
network
s-cms CWE-79
3.5
2021-07-30 CVE-2020-20701 Cross-site Scripting vulnerability in S-Cms 3.0
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
s-cms CWE-79
3.5
2019-10-09 CVE-2019-17368 Cross-site Scripting vulnerability in S-Cms 1.5
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
network
s-cms CWE-79
4.3