21 matches found
Ametys CMS Information Disclosure
Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...
CVE-2022-50937
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...
CVE-2022-26159
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages, which contain all characters typed by all users, including the content of private...
CVE-2024-30614
An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope...
CVE-2024-30614
An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope...
PT-2024-23521 · Unknown · Ametys Cms
Name of the Vulnerable Software and Affected Versions: Ametys CMS versions prior to 4.5.0. Description: The issue allows attackers to obtain sensitive information via exposed resources to the error scope. Recommendations: For Ametys CMS versions prior to 4.5.0, update to a version later than 4.5.0...
CVE-2022-26159
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages, which contain all characters typed by all users, including the content of private...
Code injection
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages, which contain all characters typed by all users, including the content of private...
CVE-2022-26159
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages, which contain all characters typed by all users, including the content of private...
CVE-2022-26159
Affected software. Ametys CMS before 4.5.0 with the auto-completion plugin. What is vulnerable. The plugin exposes read access to files like plugins/web/service/search/auto-completion/domain/en.xml (and equivalents for other languages), which contain all characters typed by users. Impact. Private page ...
Exploit for Forced Browsing in Ametys
CVE-2022-26159-Ametys-Autocompletion-XML A python exploi...
Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
Exploit Title: Ametys CMS v4.4.1 - Cross Site Scripting (XSS); Exploit Author: Vulnerability-Lab; Date: 21/01/2022; Document Title: Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2275...
Ametys CMS Detection
Detection of Ametys CMS. The script sends a connection request to the server and attempts to detect Ametys CMS and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Ametys CMS Unauthenticated Password Reset Vulnerability
Ametys CMS is prone to an unauthenticated password reset vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Ametys CMS 4.0.2 - Password Reset
Vulnerability Summary: The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2. Ametys is “a free and open source content management system (CMS) written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented...
Ametys CMS 4.0.2 - Password Reset
Ametys CMS 4.0.2 - Password Reset. Vulnerability Summary: The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2. Ametys is “a free and open source content management system (CMS) written in Java. It is based on JSR-170 for content storage, Open Social for...
Ametys Access Restriction Bypass Vulnerability
Ametys is a Java-based Web content management system (CMS). The system has an interface similar to the Microsoft Office program and is suitable for use in schools and government organizations. A security vulnerability exists in Ametys versions prior to 4.0.3, which stems from the program performing...
Ametys CMS 3.5.2 - (lang parameter) XPath Injection Vulnerability
No description provided by source. Ametys CMS 3.5.2 (lang parameter) XPath Injection Vulnerability; Vendor: Anyware Services; Product web page: http://www.ametys.org; Download: http://www.ametys.org/en/download/ametys-cms.html; Affected version: 3.5.2 and 3.5.1; Summary: Ametys is a Java-based open sour...
Ametys CMS 3.5.2 XPath Injection Vulnerability
Ametys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data. Ametys CMS 3.5.2 (lang parameter) XPath Injection Vulnerability; Vendor:...
Ametys CMS 3.5.2 XPath Injection
Ametys CMS 3.5.2 (lang parameter) XPath Injection Vulnerability; Vendor: Anyware Services; Product web page: http://www.ametys.org; Affected version: 3.5.2 and 3.5.1; Summary: Ametys is a Java-based open source CMS combining rich content with an easy-to-use and intuitive interface. Desc: Input passed v...