Publiccms

publiccms

47 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-21333 1Publiccms 1Publiccms Nov 21, 2024 Jul 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
CVE-2018-18927 1Publiccms 1Publiccms Nov 21, 2024 Nov 4, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET at...Show more An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.Show less
CVE-2018-17368 1Publiccms 1Publiccms Nov 21, 2024 Sep 23, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-12914 1Publiccms 1Publiccms Nov 21, 2024 Jun 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can exec...Show more A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.Show less
CVE-2018-12494 1Publiccms 1Publiccms Nov 21, 2024 Jun 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
CVE-2018-12493 1Publiccms 1Publiccms Nov 21, 2024 Jun 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
CVE-2018-11500 1Publiccms 1Publiccms Nov 21, 2024 May 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.