Vulnerabilities > Ukcms

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2020-18449 Cross-site Scripting vulnerability in Ukcms 1.1.10
Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php
network
ukcms CWE-79
3.5
2021-08-12 CVE-2020-20977 Cross-site Scripting vulnerability in Ukcms 1.1.10
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
network
ukcms CWE-79
3.5
2019-04-05 CVE-2019-10888 Cross-Site Request Forgery (CSRF) vulnerability in Ukcms 1.1.10
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.
network
ukcms CWE-352
6.8
2018-08-03 CVE-2018-14911 Unrestricted Upload of File with Dangerous Type vulnerability in Ukcms
A file upload vulnerability exists in ukcms v1.1.7 and earlier.
network
low complexity
ukcms CWE-434
6.5