Vulnerabilities > S CMS > S CMS > 3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-14 | CVE-2020-19954 | XXE vulnerability in S-Cms 3.0 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | 5.0 |
2021-07-30 | CVE-2020-20698 | Missing Authorization vulnerability in S-Cms 3.0 A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | 6.5 |
2021-07-30 | CVE-2020-20699 | Cross-site Scripting vulnerability in S-Cms 3.0 A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | 3.5 |
2021-07-30 | CVE-2020-20700 | Cross-site Scripting vulnerability in S-Cms 3.0 A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | 3.5 |
2021-07-30 | CVE-2020-20701 | Cross-site Scripting vulnerability in S-Cms 3.0 A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 3.5 |
2019-09-14 | CVE-2019-16312 | Cross-site Scripting vulnerability in S-Cms 3.0 s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | 4.3 |
2019-02-23 | CVE-2019-9040 | Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 3.0 S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | 6.8 |
2019-01-25 | CVE-2019-6805 | SQL Injection vulnerability in S-Cms 3.0 SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. | 7.5 |
2018-12-26 | CVE-2018-20477 | SQL Injection vulnerability in S-Cms 3.0 An issue was discovered in S-CMS 3.0. | 9.8 |
2018-12-26 | CVE-2018-20476 | Cross-site Scripting vulnerability in S-Cms 3.0 An issue was discovered in S-CMS 3.0. | 6.1 |