Vulnerabilities > Ucms Project > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-17 CVE-2023-5015 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
A vulnerability was found in UCMS 1.4.7.
network
low complexity
ucms-project CWE-79
6.1
6.1
2023-04-26 CVE-2023-2294 Unspecified vulnerability in Ucms Project Ucms 1.6
A vulnerability was found in UCMS 1.6.0.
network
low complexity
ucms-project
6.1
6.1
2022-09-19 CVE-2022-38527 Cross-site Scripting vulnerability in Ucms Project Ucms 1.6
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
network
low complexity
ucms-project CWE-79
6.1
6.1
2021-09-29 CVE-2020-20781 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
network
low complexity
ucms-project CWE-79
5.4
5.4
2021-07-23 CVE-2021-25809 Information Exposure Through an Error Message vulnerability in Ucms Project Ucms 1.5.0
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
network
low complexity
ucms-project CWE-209
5.3
5.3
2020-09-04 CVE-2020-24981 Unspecified vulnerability in Ucms Project Ucms 1.4.8
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8.
network
low complexity
ucms-project
5.3
5.3
2019-03-07 CVE-2018-16804 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.6
An issue was discovered in UCMS 1.4.6.
network
low complexity
ucms-project CWE-79
6.1
6.1
2018-12-30 CVE-2018-20601 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
network
low complexity
ucms-project CWE-79
4.8
4.8
2018-12-30 CVE-2018-20600 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
network
low complexity
ucms-project CWE-79
6.1
6.1
2018-12-30 CVE-2018-20597 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
network
low complexity
ucms-project CWE-79
4.8
4.8