Aerocms Security Vulnerabilities and Issues — Aerocms CVE List

Lucene search

Aerocms ProjectAerocms

3 matches found

CVE•added 2022/04/08 9:15 a.m.•80 views

CVE-2022-27063

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

6.1CVSS5.9AI score0.00664EPSS

CVE•added 2022/04/08 9:15 a.m.•78 views

CVE-2022-27062

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

4.8CVSS5.2AI score0.00641EPSS

CVE•added 2022/04/08 9:15 a.m.•71 views

CVE-2022-27061

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

7.2CVSS7.3AI score0.02922EPSS