79 matches found
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-20700
A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...
CVE-2020-20699
A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
Cross site scripting
A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
Remote code execution
A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...
Cross site scripting
A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...
Cross site scripting
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-20701
CVE-2020-20701 documents a stored cross-site scripting (XSS) vulnerability in the S-CMS product, specifically affecting S-CMS PHP v3.0 . The issue allows an attacker to inject and store a crafted payload that, when viewed by a user, can cause arbitrary web scripts or HTML to be executed in the co...
CVE-2020-20700
CVE-2020-20700 describes a stored cross-site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0. The issue arises from a crafted payload entered into the Title Entry text box, enabling execution of arbitrary web scripts/HTML. Affected software: S-CMS PHP v3.0; vulnerable component:...
CVE-2020-20699
S-CMS PHP v3.0 has a cross-site scripting (XSS) vulnerability exploitable via the Copyright field in Basic Settings, allowing arbitrary web scripts/HTML execution. The vulnerability is consistently described across NVD/Red Hat/CNNVD/CNVD feeds as CVE-2020-20699, with no connected document providi...
CVE-2020-20699
A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
CVE-2020-20698
A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...
CVE-2021-21264 Bypass of fix for CVE-2020-26231, Twig sandbox escape
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the cms.managepages,...
Sql injection
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10708
CVE-2019-10708 affects S-CMS PHP v1.0. The vulnerability is a SQL injection in the parameter 4/js/scms.php?action=unlike, due to insufficient input validation, allowing an attacker to inject SQL statements. The NVD/NVD-derived metrics indicate high/critical risk (CVSS v2: 7.5; CVSS v3: 9.8). Publ...