cms — Vulnerabilities & Security Advisories 213

All 213 CVE vulnerabilities found in cms, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2024-3118 | Dreamer CMS Attachment permission | CWE-275 | 6.3 | Medium | 2024-03-31 |
| CVE-2024-2354 | Dreamer CMS toEdit cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-03-10 |
| CVE-2024-24570 | Statamic account takeover via XSS and password reset link | CWE-79 | 8.2 | High | 2024-02-01 |
| CVE-2024-0729 | ForU CMS cms_admin.php sql injection | CWE-89 | 5.5 | Medium | 2024-01-19 |
| CVE-2024-0728 | ForU CMS channel.php file inclusion | CWE-73 | 4.7 | Medium | 2024-01-19 |
| CVE-2024-0648 | Yunyou CMS Common.php unrestricted upload | CWE-434 | 7.3 | High | 2024-01-17 |
| CVE-2024-0426 | ForU CMS cms_template.php sql injection | CWE-89 | 6.3 | Medium | 2024-01-11 |
| CVE-2024-0425 | ForU CMS password recovery | CWE-640 | 5.3 | Medium | 2024-01-11 |
| CVE-2024-21622 | Craft CMS Privilege Escalation | CWE-269 | 5.4 | Medium | 2024-01-03 |
| CVE-2023-7091 | Dreamer CMS uploadFile unrestricted upload | CWE-434 | 6.3 | Medium | 2023-12-24 |
| CVE-2023-48701 | Statamic CMS vulnerable to Cross-site Scripting via uploaded assets | CWE-79 | 7.5 | High | 2023-11-21 |
| CVE-2023-48217 | Remote code execution via form uploads in statamic/cms | CWE-94 | 8.8 | High | 2023-11-14 |
| CVE-2023-47129 | Statamic CMS remote code execution via front-end form uploads | CWE-434 | 8.4 | High | 2023-11-10 |
| CVE-2023-5812 | flusity CMS upload.php handleFileUpload unrestricted upload | CWE-434 | 4.7 | Medium | 2023-10-27 |
| CVE-2023-5811 | flusity CMS posts.php loadPostAddForm cross site scripting | CWE-79 | 2.4 | Low | 2023-10-27 |
| CVE-2023-5810 | flusity CMS posts.php loadPostAddForm cross site scripting | CWE-79 | 2.4 | Low | 2023-10-27 |
| CVE-2023-5793 | flusity CMS Dashboard customblock.php loadCustomBlocCreateForm cross site scripting | CWE-79 | 3.5 | Low | 2023-10-26 |
| CVE-2023-5259 | ForU CMS cms_admin.php denial of service | CWE-404 | 2.7 | Low | 2023-09-29 |
| CVE-2023-5221 | ForU CMS index.php code injection | CWE-94 | 4.7 | Medium | 2023-09-27 |
| CVE-2023-5013 | Pluck CMS Installation install.php cross site scripting | CWE-79 | 2.6 | Low | 2023-09-16 |
| CVE-2023-41892 | Craft CMS Remote Code Execution vulnerability | CWE-94 | 10.0 | Critical | 2023-09-13 |
| CVE-2023-4743 | Dreamer CMS file access | CWE-552 | 3.1 | Low | 2023-09-03 |
| CVE-2023-40035 | Craft CMS vulnerable to Remote Code Execution via validatePath bypass | CWE-74 | 7.2 | High | 2023-08-23 |
| CVE-2023-3790 | Boom CMS assets-manager add cross site scripting | CWE-79 | 3.5 | Low | 2023-07-20 |
| CVE-2023-3789 | PaulPrinting CMS Search delivery cross site scripting | CWE-79 | 3.5 | Low | 2023-07-20 |
| CVE-2023-3785 | PaulPrinting CMS cross site scripting | CWE-79 | 3.5 | Low | 2023-07-20 |
| CVE-2023-36828 | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG | CWE-79 | 5.5 | Medium | 2023-07-05 |
| CVE-2023-33195 | Craft CMS XSS in RSS widget feed | CWE-79 | 5.0 | Medium | 2023-05-27 |
| CVE-2023-33194 | CraftCMS stored XSS in Quick Post widget error message | CWE-80 | 3.7 | Low | 2023-05-26 |
| CVE-2023-33196 | Craft CMS stored XSS in review volume | CWE-80 | 5.5 | Medium | 2023-05-26 |

All 213 known CVE vulnerabilities affecting cms with full Chinese analysis, references, and POCs where available.