Vulnerabilities > S CMS > Low

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2020-19158 Cross-site Scripting vulnerability in S-Cms 20191014
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
network
s-cms CWE-79
3.5
3.5
2021-08-31 CVE-2020-19046 Cross-site Scripting vulnerability in S-Cms 1.0
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
network
s-cms CWE-79
3.5
3.5
2021-07-30 CVE-2020-20701 Cross-site Scripting vulnerability in S-Cms 3.0
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
s-cms CWE-79
3.5
3.5
2021-07-30 CVE-2020-20700 Cross-site Scripting vulnerability in S-Cms 3.0
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
network
s-cms CWE-79
3.5
3.5
2021-07-30 CVE-2020-20699 Cross-site Scripting vulnerability in S-Cms 3.0
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
network
s-cms CWE-79
3.5
3.5