Diafan

diafan

2 CVEs • 1 product

Products (1)

Diafan.cms
diafan.cms

CVEs (2)

Vendors: 1 (Diafan)
Products: 1 (Diafan.cms)
Updated: Nov 21, 2024
Published: Jul 20, 2023
CVSS: v4 N/A; v3 6.1 MEDIUM; v2 N/A
Description: Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the cat_id parameter at /shop/?module=shop&action=search.

Vendors: 1 (Diafan)
Products: 1 (Diafan.cms)
Updated: May 6, 2026
Published: Jan 1, 2015
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.