10 matches found
CVE-2021-42655
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability (CVE-2021-42655). Public references in the connected documents identify the vulnerable endpoint as the API at /api/pages/cms/libraryText/list. The CVE details indicate a SQL injection issue with high-severity impact (CVSS v3.1: ...
CVE-2021-42656
CVE-2021-42656 affects SiteServer CMS v6.15.51 and is a Cross-Site Scripting (XSS) vulnerability. Connected sources indicate the XSS appears in the TbItemName parameter (per the Nessus plugin note about SiteServer CMS 6.15.51) and reference the CVE-2021-42656 entry (also listing related CVE-2022-...
CVE-2021-42654
SiteServer CMS
CVE-2022-28118
CVE-2022-28118 : SiteServer CMS v7.x is vulnerable to remote code execution via a crafted plug-in. The underlying issue is described as improper input validation in the plug-in feature, enabling an attacker to execute arbitrary code on affected systems. Multiple sources corroborate an RCE in Site...
CVE-2022-30349
CVE-2022-30349 affects SiteServer SSCMS 6.15.51. A cross-site scripting (XSS) vulnerability arises from insufficient sanitization of user-supplied data in the modalRelatedFieldItemEdit.aspx script (per CNNVD report). Several connected records (Red Hat, GitHub advisories, OSV, CVE listings, and Ne...
CVE-2023-2862
SiteServer CMS up to version 7.2.1 contains a cross-site scripting vulnerability in the /api/stl/actions/search endpoint. The issue stems from manipulating the ajaxDivId parameter in an unknown function, allowing remote exploitation. Public disclosure of exploits is indicated, and a patch is reco...
CVE-2022-44298
SiteServer CMS 7.1.3 is affected by a SQL Injection vulnerability. The issue affects the product as described in multiple sources, with a high-severity score and a remote, network-exposed risk. One documented vector notes exploitation via the api/admin/settings/sitesTables/ endpoint, potentially ...
CVE-2022-44297
SiteServer CMS 7.1.3 contains a backend SQL injection vulnerability. The CVE entry lists a critical impact (CVSS v3.1: 9.8) with network attack vector, no authentication, and full confidentiality, integrity, and availability impacts, as described in the initial data. Connected documents do not pr...
CVE-2025-45529
CVE-2025-45529 affects SSCMS v7.3.1. The vulnerability resides in the ReadTextAsynchronous function, allowing an attacker to read arbitrary files by crafting a GET request to the endpoint /cms/templates/templatesAssetsEditor. Multiple connected sources confirm the same issue and root cause. A pra...
CVE-2022-44299
SiteServerCMS 7.1.3 sscms is vulnerable to an Arbitrary File Read due to insufficient validation in ReadTextAsync, enabling leakage of sensitive files. Public reports describe a path/file-read vulnerability that can disclose data without user interaction over network access; exploitation details ...