CVE-2020-20701

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

Cross site scripting

A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...

Cross site scripting

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2020-20701

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2020-20699

S-CMS PHP v3.0 has a cross-site scripting (XSS) vulnerability exploitable via the Copyright field in Basic Settings, allowing arbitrary web scripts/HTML execution. The vulnerability is consistently described across NVD/Red Hat/CNNVD/CNVD feeds as CVE-2020-20699, with no connected document providi...

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVE-2019-9040

CVE-2019-9040 affects S-CMS PHP v3.0, reporting a CSRF flaw that allows adding a new admin user via the admin/ajax.php?type=admin&action=add URI (related to CVE-2018-19332). The connected Red Hat/PRION/NVD entries confirm the same vector: CSRF enabling admin user creation. The root cause is impro...