Dilicms

dilicms

Vendor: Dilicms • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-8440 1Dilicms 1Dilicms Jun 17, 2026 Mar 7, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.
CVE-2019-8439 1Dilicms 1Dilicms Jun 17, 2026 Mar 7, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.
CVE-2019-8438 1Dilicms 1Dilicms Jun 17, 2026 Mar 7, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.
CVE-2018-19291 1Dilicms 1Dilicms Nov 21, 2024 Nov 15, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
CVE-2018-18210 1Dilicms 1Dilicms Nov 21, 2024 Oct 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.
CVE-2018-18209 1Dilicms 1Dilicms Nov 21, 2024 Oct 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.
CVE-2018-10430 1Dilicms 1Dilicms Nov 21, 2024 Apr 26, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.