CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS5.7AI score0.00321EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:18 p.m.•5 views

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

4.8CVSS5.8AI score0.0029EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:18 p.m.•3 views

CVE-2020-20700

A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...

4.8CVSS5.7AI score0.00321EPSS

Exploits1

RedhatCVE•added 2025/05/22 8:55 a.m.•8 views

CVE-2019-9925

S-CMS PHP v1.0 has XSS in 4.edu.php via the Sid parameter...

6.1CVSS6.2AI score0.0024EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:28 a.m.•5 views

CVE-2019-10708

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...

9.8CVSS8.2AI score0.03446EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 8:22 a.m.•5 views

CVE-2019-10237

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin=add⟨=0 URI, a related issue to CVE-2019-9040...

8.8CVSS7AI score0.00145EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:10 a.m.•7 views

CVE-2018-18887

S-CMS PHP 1.0 has SQL injection in member/membernews.php via the type parameter aka the $Ntype field...

9.8CVSS8.1AI score0.0025EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 5:27 a.m.•7 views

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin=add URI, a related issue to CVE-2018-19332...

8.8CVSS6.9AI score0.00141EPSS

Exploits1References1

OSV•added 2021/07/30 2:15 p.m.•0 views

CVE-2020-20701

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS5.6AI score

Exploits0References1

NVD•added 2021/07/30 2:15 p.m.•10 views

CVE-2020-20701

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS0.00321EPSS

Exploits1References1

NVD•added 2021/07/30 2:15 p.m.•10 views

CVE-2020-20700

4.8CVSS0.00321EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by