151 matches found
CVE-2022-44297
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background...
CVE-2022-44297
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background...
CVE-2022-44297
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background...
CVE-2022-30349
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting XSS...
CVE-2022-30349
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting XSS...
CVE-2022-30349
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting XSS...
CVE-2022-30349
CVE-2022-30349 affects SiteServer SSCMS 6.15.51. A cross-site scripting (XSS) vulnerability arises from insufficient sanitization of user-supplied data in the modalRelatedFieldItemEdit.aspx script (per CNNVD report). Several connected records (Red Hat, GitHub advisories, OSV, CVE listings, and Ne...
GHSA-2XWP-7J3P-C78X Cross site scripting in SiteServer CMS
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting XSS vulnerability...
GHSA-5XR5-V2H7-2W7W SQL injection in SiteServer CMS
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability...
SQL injection in SiteServer CMS
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability...
Cross site scripting in SiteServer CMS
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting XSS vulnerability...
SiteServer CMS sql injection vulnerability
SiteServer CMS is a content management system CMS from Beijing Bailong Thousand Domain Software Technology Development Company. SQL injection vulnerability exists in SiteServer CMS V6.15.51. An attacker can exploit this vulnerability to perform sql injection...
GHSA-FF4W-8CHR-W2X9 SiteServer CMS RCE via unsafe file upload
A issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...
SiteServer CMS RCE via unsafe file upload
A issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...
CVE-2021-42654
SiteServer CMS V5.1 is affected by an unrestricted upload of a file with dangerous type getshell, which could be used to execute arbitrary code...
CVE-2021-42655
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability...
CVE-2021-42656
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting XSS vulnerability...
CVE-2021-42655
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability...
CVE-2021-42656
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting XSS vulnerability...
CVE-2021-42654
SiteServer CMS V5.1 is affected by an unrestricted upload of a file with dangerous type getshell, which could be used to execute arbitrary code...