Lucene search
K
SscmsSiteserver Cms

10 matches found

CVE
CVE
added 2022/05/24 12:55 p.m.118 views

CVE-2021-42655

SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability (CVE-2021-42655). Public references in the connected documents identify the vulnerable endpoint as the API at /api/pages/cms/libraryText/list. The CVE details indicate a SQL injection issue with high-severity impact (CVSS v3.1: ...

8.8CVSS9AI score0.01145EPSS
CVE
CVE
added 2022/05/24 1:0 p.m.95 views

CVE-2021-42656

CVE-2021-42656 affects SiteServer CMS v6.15.51 and is a Cross-Site Scripting (XSS) vulnerability. Connected sources indicate the XSS appears in the TbItemName parameter (per the Nessus plugin note about SiteServer CMS 6.15.51) and reference the CVE-2021-42656 entry (also listing related CVE-2022-...

5.4CVSS5.2AI score0.00666EPSS
CVE
CVE
added 2022/05/24 12:41 p.m.80 views

CVE-2021-42654

SiteServer CMS

9.8CVSS9.5AI score0.01617EPSS
CVE
CVE
added 2022/05/03 12:8 a.m.80 views

CVE-2022-28118

CVE-2022-28118 : SiteServer CMS v7.x is vulnerable to remote code execution via a crafted plug-in. The underlying issue is described as improper input validation in the plug-in feature, enabling an attacker to execute arbitrary code on affected systems. Multiple sources corroborate an RCE in Site...

9.8CVSS9.6AI score0.02628EPSS
CVE
CVE
added 2022/05/27 5:20 p.m.78 views

CVE-2022-30349

CVE-2022-30349 affects SiteServer SSCMS 6.15.51. A cross-site scripting (XSS) vulnerability arises from insufficient sanitization of user-supplied data in the modalRelatedFieldItemEdit.aspx script (per CNNVD report). Several connected records (Red Hat, GitHub advisories, OSV, CVE listings, and Ne...

6.1CVSS6AI score0.00642EPSS
CVE
CVE
added 2023/05/24 9:31 a.m.67 views

CVE-2023-2862

SiteServer CMS up to version 7.2.1 contains a cross-site scripting vulnerability in the /api/stl/actions/search endpoint. The issue stems from manipulating the ajaxDivId parameter in an unknown function, allowing remote exploitation. Public disclosure of exploits is indicated, and a patch is reco...

6.1CVSS4.7AI score0.00561EPSS
Web
CVE
CVE
added 2023/01/27 12:0 a.m.61 views

CVE-2022-44298

SiteServer CMS 7.1.3 is affected by a SQL Injection vulnerability. The issue affects the product as described in multiple sources, with a high-severity score and a remote, network-exposed risk. One documented vector notes exploitation via the api/admin/settings/sitesTables/ endpoint, potentially ...

9.8CVSS9.5AI score0.00741EPSS
CVE
CVE
added 2023/01/26 12:0 a.m.53 views

CVE-2022-44297

SiteServer CMS 7.1.3 contains a backend SQL injection vulnerability. The CVE entry lists a critical impact (CVSS v3.1: 9.8) with network attack vector, no authentication, and full confidentiality, integrity, and availability impacts, as described in the initial data. Connected documents do not pr...

9.8CVSS9.7AI score0.00972EPSS
CVE
CVE
added 2025/05/27 12:0 a.m.51 views

CVE-2025-45529

CVE-2025-45529 affects SSCMS v7.3.1. The vulnerability resides in the ReadTextAsynchronous function, allowing an attacker to read arbitrary files by crafting a GET request to the endpoint /cms/templates/templatesAssetsEditor. Multiple connected sources confirm the same issue and root cause. A pra...

7.1CVSS6.8AI score0.00305EPSS
CVE
CVE
added 2023/02/16 12:0 a.m.47 views

CVE-2022-44299

SiteServerCMS 7.1.3 sscms is vulnerable to an Arbitrary File Read due to insufficient validation in ReadTextAsync, enabling leakage of sensitive files. Public reports describe a path/file-read vulnerability that can disclose data without user interaction over network access; exploitation details ...

4.9CVSS5AI score0.00826EPSS