Vulnerabilities > S CMS

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2020-20699 Cross-site Scripting vulnerability in S-Cms 3.0
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
network
s-cms CWE-79
3.5
2021-07-30 CVE-2020-20700 Cross-site Scripting vulnerability in S-Cms 3.0
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
network
s-cms CWE-79
3.5
2021-07-30 CVE-2020-20701 Cross-site Scripting vulnerability in S-Cms 3.0
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
s-cms CWE-79
3.5
2019-10-09 CVE-2019-17368 Cross-site Scripting vulnerability in S-Cms 1.5
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
network
s-cms CWE-79
4.3
2019-09-14 CVE-2019-16312 Cross-site Scripting vulnerability in S-Cms 3.0
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
network
s-cms CWE-79
4.3
2019-04-02 CVE-2019-10708 SQL Injection vulnerability in S-Cms 1.0
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
network
low complexity
s-cms CWE-89
7.5
2019-03-27 CVE-2019-10237 Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.0
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
network
s-cms CWE-352
6.8
2019-03-22 CVE-2019-9925 Cross-site Scripting vulnerability in S-Cms 1.0
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
network
s-cms CWE-79
4.3
2019-02-23 CVE-2019-9040 Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 3.0
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
network
s-cms CWE-352
6.8
2019-01-25 CVE-2019-6805 SQL Injection vulnerability in S-Cms 3.0
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
network
low complexity
s-cms CWE-89
7.5