2 matches found
CVE-2017-16935
CVE-2017-16935 affects Ametys CMS prior to 4.0.3. The flaw arises because authentication is enforced only for URIs containing a /cms/ substring, allowing an unauthenticated attacker to bypass access restrictions by issuing a direct request to /plugins/core-ui/servercomm/messages.xml. Proof descri...
Ametys CMS 4.0.2 - Password Reset
Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system CMS written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented...