5 matches found
CVE-2019-12734
SiteVision 4 has Incorrect Access Control...
SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability #ByPass
SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are...
CVE-2019-12734
SiteVision 4 has Incorrect Access Control...
CVE-2019-12734
SiteVision 4.x/5.x suffers from Insufficient Module Access Control (CVE-2019-12734). A low-privilege user (e.g., Editor) can inject or edit script modules during page edits, enabling Cross‑Site Scripting and in some descriptions Remote Code Execution. Affected versions: SiteVision 4 up to 4.5.6 a...
SiteVision 4.x / 5.x Remote Code Execution
SiteVision Remote Code Execution CVE-2019-12733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12733 https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/ Summary Attackers may execute arbitrary code as root on the target server after...