49 matches found
CVE-2020-20700
A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...
Cross site scripting
A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
Cross site scripting
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Remote code execution
A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-20701
CVE-2020-20701 documents a stored cross-site scripting (XSS) vulnerability in the S-CMS product, specifically affecting S-CMS PHP v3.0 . The issue allows an attacker to inject and store a crafted payload that, when viewed by a user, can cause arbitrary web scripts or HTML to be executed in the co...
CVE-2020-20700
CVE-2020-20700 describes a stored cross-site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0. The issue arises from a crafted payload entered into the Title Entry text box, enabling execution of arbitrary web scripts/HTML. Affected software: S-CMS PHP v3.0; vulnerable component:...
CVE-2020-20699
A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
CVE-2020-20699
S-CMS PHP v3.0 has a cross-site scripting (XSS) vulnerability exploitable via the Copyright field in Basic Settings, allowing arbitrary web scripts/HTML execution. The vulnerability is consistently described across NVD/Red Hat/CNNVD/CNVD feeds as CVE-2020-20699, with no connected document providi...
CVE-2020-20698
A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
Sql injection
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10708
CVE-2019-10708 affects S-CMS PHP v1.0. The vulnerability is a SQL injection in the parameter 4/js/scms.php?action=unlike, due to insufficient input validation, allowing an attacker to inject SQL statements. The NVD/NVD-derived metrics indicate high/critical risk (CVSS v2: 7.5; CVSS v3: 9.8). Publ...
Cross site request forgery (csrf)
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040...
CVE-2019-10237
CVE-2019-10237 affects S-CMS PHP v1.0 and is a CSRF vulnerability that allows adding a new admin user via the URI 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0. The issue is linked to CVE-2019-9040 and reiterates a cross-site request forgery risk in the admin creation flow. Connected Red ...
Design/Logic Flaw
S-CMS PHP v1.0 has XSS in 4.edu.php via the Sid parameter...
CVE-2019-9925
S-CMS PHP v1.0 has XSS in 4.edu.php via the Sid parameter...