Vulnerabilities > S CMS > S CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2023-29962 | Path Traversal vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | 6.5 |
| 2022-12-09 | CVE-2022-4377 | Cross-site Scripting vulnerability in S-Cms 5.0 A vulnerability was found in S-CMS 5.0 Build 20220328. | 5.4 |
| 2021-12-22 | CVE-2020-20425 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | 6.1 |
| 2021-12-22 | CVE-2020-20426 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | 6.1 |
| 2021-09-15 | CVE-2020-19158 | Cross-site Scripting vulnerability in S-Cms 20191014 Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | 5.4 |
| 2021-08-31 | CVE-2020-19046 | Cross-site Scripting vulnerability in S-Cms 1.0 Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. | 5.4 |
| 2021-07-30 | CVE-2020-20699 | Cross-site Scripting vulnerability in S-Cms 3.0 A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | 4.8 |
| 2021-07-30 | CVE-2020-20700 | Cross-site Scripting vulnerability in S-Cms 3.0 A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | 4.8 |
| 2021-07-30 | CVE-2020-20701 | Cross-site Scripting vulnerability in S-Cms 3.0 A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 4.8 |
| 2019-10-09 | CVE-2019-17368 | Cross-site Scripting vulnerability in S-Cms 1.5 S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | 6.1 |