Vulnerabilities > Wolfcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000084 | Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1 WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. | 5.4 |
| 2018-02-22 | CVE-2018-6890 | Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1 Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. | 4.8 |
| 2017-09-08 | CVE-2017-11611 | Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1 Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. | 5.4 |
| 2017-04-14 | CVE-2015-6568 | Improper Input Validation vulnerability in Wolfcms Wolf CMS Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. | 8.8 |
| 2017-04-14 | CVE-2015-6567 | Improper Input Validation vulnerability in Wolfcms Wolf CMS Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. | 8.8 |