Sitemagic

sitemagic

Vendor: Sitemagic • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18220 1Sitemagic 1Sitemagic Nov 21, 2024 Oct 23, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This...Show more Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.Show less
CVE-2019-18219 1Sitemagic 1Sitemagic Nov 21, 2024 Oct 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST r...Show more Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.Show less
CVE-2019-10238 1Sitemagic 1Sitemagic Nov 21, 2024 Mar 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter.