Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
content management system vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2006-7079
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and previous versions allows remote malicious users to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'...
Exv2 Content Management System
1 EDB exploit
7.5
CVSSv2
CVE-2007-1949
Session fixation vulnerability in WebBlizzard CMS allows remote malicious users to hijack web sessions by setting a PHPSESSID cookie.
Webblizzard Content Management System
4.3
CVSSv2
CVE-2007-1965
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
Exv2 Content Management System
4.3
CVSSv2
CVE-2007-1950
Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote malicious users to inject arbitrary web script or HTML via the Suchzeile parameter.
Webblizzard Content Management System
3.5
CVSSv2
CVE-2022-26565
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.
Totaljs Content Management System
6.5
CVSSv2
CVE-2015-3424
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote malicious users to execute arbitrary SQL commands via the SIDX parameter.
Accentis Content Resource Management System
3.5
CVSSv2
CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) prior to 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_...
Ektron Ektron Content Management System
7.5
CVSSv2
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) prior to 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote malicious users to read arbitrary files and consequently bypass authentication, modify viewstate, cause a...
Ektron Ektron Content Management System
NA
CVE-2022-3770
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclos...
Xjyunjing Yunjing Content Management System -
7.5
CVSSv2
CVE-2012-5357
Ektron Content Management System (CMS) prior to 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote malicious users to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Ektron Ektron Content Management System
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »