Vulnerabilities > SEM CMS > Semcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2021-38728 Cross-site Scripting vulnerability in Sem-Cms Semcms 1.1
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
network
low complexity
sem-cms CWE-79
6.1
2021-12-17 CVE-2020-18078 Unspecified vulnerability in Sem-Cms Semcms 3.8
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.
network
low complexity
sem-cms
5.0
2021-12-17 CVE-2020-18081 SQL Injection vulnerability in Sem-Cms Semcms 3.8
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
network
low complexity
sem-cms CWE-89
5.0
2019-04-25 CVE-2019-11518 SQL Injection vulnerability in Sem-Cms Semcms 3.8
An issue was discovered in SEMCMS 3.8.
network
low complexity
sem-cms CWE-89
6.5
2018-10-29 CVE-2018-18783 Cross-site Scripting vulnerability in Sem-Cms Semcms 3.4
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.
network
sem-cms CWE-79
4.3
2018-10-29 CVE-2018-18742 Cross-Site Request Forgery (CSRF) vulnerability in Sem-Cms Semcms 3.4
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
network
sem-cms CWE-352
6.8