Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-1223
Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.
Jupiter Cms Jupiter Cms 1.1.4
Jupiter Cms Jupiter Cms
1 EDB exploit
NA
CVE-2006-4533
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and previous versions allow remote malicious users to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (...
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
NA
CVE-2010-0984
Acidcat CMS 3.5.3 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
Acidcat Acidcat Cms 3.4.0
Acidcat Acidcat Cms
Acidcat Acidcat Cms 2.1.13
Acidcat Acidcat Cms 2.1.12
Acidcat Acidcat Cms 3.5.2
Acidcat Acidcat Cms 3.5.1
Acidcat Acidcat Cms 3.5.0
Acidcat Acidcat Cms 2.1.11
Acidcat Acidcat Cms 3.3.5
Acidcat Acidcat Cms 3.4.2
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
4.7
CVSSv3
CVE-2016-2784
CMS Made Simple 2.x prior to 2.1.3 and 1.x prior to 1.12.2, when Smarty Cache is activated, allow remote malicious users to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
Cmsmadesimple Cms Made Simple 2.1.1
Cmsmadesimple Cms Made Simple 2.1
Cmsmadesimple Cms Made Simple 1.11.11
Cmsmadesimple Cms Made Simple 1.11.10
Cmsmadesimple Cms Made Simple 1.11.3
Cmsmadesimple Cms Made Simple 1.11.2.1
Cmsmadesimple Cms Made Simple 1.10
Cmsmadesimple Cms Made Simple 1.9.4.3
Cmsmadesimple Cms Made Simple 1.9.4.2
Cmsmadesimple Cms Made Simple 1.6.10
Cmsmadesimple Cms Made Simple 1.6.9
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.5.2
Cmsmadesimple Cms Made Simple 1.2.5
Cmsmadesimple Cms Made Simple 1.2.4
Cmsmadesimple Cms Made Simple 1.1.2
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.0.2
Cmsmadesimple Cms Made Simple 1.0.1
Cmsmadesimple Cms Made Simple 1.12.1
1 EDB exploit
NA
CVE-2012-1992
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
Cmsmadesimple Cms Made Simple
Cmsmadesimple Cms Made Simple 1.10.2
Cmsmadesimple Cms Made Simple 1.9.2
Cmsmadesimple Cms Made Simple 1.9
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.2
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.1.4.1
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.6.8
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.0.5
Cmsmadesimple Cms Made Simple 1.2.2
Cmsmadesimple Cms Made Simple 0.1
Cmsmadesimple Cms Made Simple 0.6
Cmsmadesimple Cms Made Simple 0.7.1
Cmsmadesimple Cms Made Simple 0.2.1
Cmsmadesimple Cms Made Simple 0.10.2
9.9
CVSSv3
CVE-2020-7357
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. Thi...
Cayintech Cms-se Firmware 11.0
Cayintech Cms-se-lxc Firmware -
Cayintech Cms-60 Firmware 11.0
Cayintech Cms-40 Firmware 9.0
Cayintech Cms-20 Firmware 9.0
Cayintech Cms 7.5
Cayintech Cms 8.0
Cayintech Cms 8.2
NA
CVE-2012-1834
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin prior to 0.8.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-gener...
Cms Tree Page View Project Cms Tree Page View 0.8.3
Cms Tree Page View Project Cms Tree Page View 0.8.2
Cms Tree Page View Project Cms Tree Page View 0.7.16
Cms Tree Page View Project Cms Tree Page View 0.7.15
Cms Tree Page View Project Cms Tree Page View 0.7.8
Cms Tree Page View Project Cms Tree Page View 0.7.7
Cms Tree Page View Project Cms Tree Page View 0.6.3
Cms Tree Page View Project Cms Tree Page View 0.6.2
Cms Tree Page View Project Cms Tree Page View 0.5.3
Cms Tree Page View Project Cms Tree Page View 0.5.2
Cms Tree Page View Project Cms Tree Page View 0.4.5
Cms Tree Page View Project Cms Tree Page View 0.4.4
Cms Tree Page View Project Cms Tree Page View 0.1a
Cms Tree Page View Project Cms Tree Page View 0.8.1
Cms Tree Page View Project Cms Tree Page View 0.8
Cms Tree Page View Project Cms Tree Page View 0.7.14
Cms Tree Page View Project Cms Tree Page View 0.7.13
Cms Tree Page View Project Cms Tree Page View 0.7.6
Cms Tree Page View Project Cms Tree Page View 0.7.5
Cms Tree Page View Project Cms Tree Page View 0.6.1
Cms Tree Page View Project Cms Tree Page View 0.6
Cms Tree Page View Project Cms Tree Page View 0.5.1
NA
CVE-2010-0989
Directory traversal vulnerability in delete.php in Pulse CMS prior to 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.
Pulsecms Pulse Cms 1.2
Pulsecms Pulse Cms 1.18
Pulsecms Pulse Cms
Pulsecms Pulse Cms 1.2.1
Pulsecms Pulse Cms 1.01
Pulsecms Pulse Cms 1.0
Pulsecms Pulse Cms 1.15
Pulsecms Pulse Cms 1.1
Pulsecms Pulse Cms 1.17
Pulsecms Pulse Cms 1.16
NA
CVE-2010-0988
Multiple unspecified vulnerabilities in Pulse CMS prior to 1.2.3 allow (1) remote malicious users to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to w...
Pulsecms Pulse Cms 1.17
Pulsecms Pulse Cms 1.16
Pulsecms Pulse Cms 1.2
Pulsecms Pulse Cms 1.18
Pulsecms Pulse Cms
Pulsecms Pulse Cms 1.2.1
Pulsecms Pulse Cms 1.0
Pulsecms Pulse Cms 1.15
Pulsecms Pulse Cms 1.1
Pulsecms Pulse Cms 1.01
NA
CVE-2008-4356
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote malicious users to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting mo...
Kasseler-cms Kasseler Cms 1.1.0
Kasseler-cms Kasseler Cms 1.2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »