Witycms Security Vulnerabilities and Issues — Witycms CVE List

Lucene search

CreatiwityWitycms

3 matches found

CVE•added 2019/06/20 2:15 p.m.•72 views

CVE-2018-16251

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters.

4.3CVSS4.9AI score0.00235EPSS

CVE•added 2018/05/28 1:29 p.m.•47 views

CVE-2018-11512

Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to ad...

4.8CVSS4.7AI score0.0025EPSS

CVE•added 2018/09/10 4:29 a.m.•24 views

CVE-2018-16776

wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.

4.8CVSS4.8AI score0.00235EPSS