Filtered by vendor Publiccms
Subscriptions
Filtered by product Publiccms
Subscriptions
Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-21333 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.4 Medium |
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | ||||
CVE-2020-20915 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 9.8 Critical |
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. | ||||
CVE-2020-20914 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 9.8 Critical |
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | ||||
CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | ||||
CVE-2018-17368 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | ||||
CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | ||||
CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | ||||
CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | ||||
CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | ||||
CVE-2024-11175 | 1 Publiccms | 1 Publiccms | 2024-11-15 | 3.5 Low |
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue. | ||||
CVE-2024-46410 | 1 Publiccms | 1 Publiccms | 2024-10-10 | 4.8 Medium |
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature | ||||
CVE-2024-42523 | 1 Publiccms | 1 Publiccms | 2024-08-23 | 7.2 High |
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData |