Cm3 Acora Content Management System Security Vulnerabilities and Issues — Cm3 Acora Content Management System CVE List

Lucene search

DdsnCm3 Acora Content Management System

5 matches found

CVE•added 2014/04/25 5:12 p.m.•33 views

CVE-2013-4723

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.

5.8CVSS6.9AI score0.00253EPSS

Web

CVE•added 2014/06/06 2:55 p.m.•30 views

CVE-2013-4724

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to th...

5CVSS6.3AI score0.00403EPSS

Web

CVE•added 2014/06/06 2:55 p.m.•28 views

CVE-2013-4725

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sessi...

5CVSS6.8AI score0.00403EPSS

Web

CVE•added 2014/06/06 2:55 p.m.•28 views

CVE-2013-4727

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.

5CVSS6.4AI score0.12485EPSS

Web

CVE•added 2014/06/06 2:55 p.m.•27 views

CVE-2013-4728

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.

5CVSS6.3AI score0.00403EPSS

Web