Lucene search

Siteserver Cms Security Vulnerabilities

cve

CVE-2019-11401

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

7.2CVSS

7.3AI Score

0.003EPSS

2019-04-22 11:29 AM

cve

CVE-2021-42654

SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.

9.8CVSS

9.5AI Score

0.003EPSS

2022-05-24 01:15 PM

cve

CVE-2021-42655

SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

8.8CVSS

9AI Score

0.001EPSS

2022-05-24 01:15 PM

cve

CVE-2021-42656

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.

5.4CVSS

5.2AI Score

0.001EPSS

2022-05-24 01:15 PM

cve

CVE-2022-28118

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

9.8CVSS

9.6AI Score

0.004EPSS

2022-05-03 01:15 AM

cve

CVE-2022-30349

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

6.1CVSS

6AI Score

0.001EPSS

2022-06-02 02:15 PM

cve

CVE-2022-44297

SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.

9.8CVSS

9.7AI Score

0.001EPSS

2023-01-26 09:17 PM

cve

CVE-2022-44298

SiteServer CMS 7.1.3 is vulnerable to SQL Injection.

9.8CVSS

9.5AI Score

0.001EPSS

2023-01-27 02:15 PM

cve

CVE-2022-44299

SiteServerCMS 7.1.3 sscms has a file read vulnerability.

4.9CVSS

5AI Score

0.001EPSS

2023-02-16 10:15 PM

cve

CVE-2023-2862

A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...

6.1CVSS

5.9AI Score

0.001EPSS

2023-05-24 10:15 AM