Vulnerabilities > S CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-22 | CVE-2019-9925 | Cross-site Scripting vulnerability in S-Cms 1.0 S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | 4.3 |
| 2019-02-23 | CVE-2019-9040 | Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 3.0 S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | 6.8 |
| 2018-12-26 | CVE-2018-20478 | Information Exposure vulnerability in S-Cms 1.0 An issue was discovered in S-CMS 1.0. | 5.0 |
| 2018-12-26 | CVE-2018-20476 | Cross-site Scripting vulnerability in S-Cms 3.0 An issue was discovered in S-CMS 3.0. | 6.1 |
| 2018-12-10 | CVE-2018-20018 | SQL Injection vulnerability in S-Cms 3.0 S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. | 5.0 |
| 2018-11-17 | CVE-2018-19332 | Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.5 An issue was discovered in S-CMS v1.5. | 6.8 |
| 2018-11-17 | CVE-2018-19331 | SQL Injection vulnerability in S-Cms 1.5 An issue was discovered in S-CMS v1.5. | 5.0 |
| 2018-11-09 | CVE-2018-19145 | Cross-site Scripting vulnerability in S-Cms 1.5 An issue was discovered in S-CMS v1.5. | 4.3 |