Lucene search

Evolution Cms Security Vulnerabilities

cve

CVE-2018-16637

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.

5.4CVSS

5.2AI Score

0.001EPSS

2018-12-28 05:29 PM

cve

CVE-2018-16638

Evolution CMS 1.4.x allows XSS via the manager/ search parameter.

5.4CVSS

5.2AI Score

0.001EPSS

2018-12-28 05:29 PM

cve

CVE-2019-14518

Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.

5.4CVSS

5.2AI Score

0.001EPSS

2019-08-15 04:15 PM

cve

CVE-2020-23238

Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.

5.4CVSS

5.2AI Score

0.001EPSS

2021-07-26 08:15 PM

cve

CVE-2023-43340

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters

5.2CVSS

5.2AI Score

0.0004EPSS

2023-10-19 11:15 PM

cve

CVE-2023-43341

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.

6.1CVSS

6AI Score

0.0004EPSS

2023-10-19 10:15 PM