Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s-cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20477
An issue exists in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
S-cms S-cms 3.0
7.5
CVSSv3
CVE-2018-20478
An issue exists in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.
S-cms S-cms 1.0
6.1
CVSSv3
CVE-2019-9925
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
S-cms S-cms 1.0
6.1
CVSSv3
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
S-cms S-cms 5.0
6.1
CVSSv3
CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
S-cms S-cms 5.0
4.8
CVSSv3
CVE-2020-20699
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
S-cms S-cms 3.0
4.8
CVSSv3
CVE-2020-20700
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
S-cms S-cms 3.0
6.1
CVSSv3
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
S-cms S-cms 1.5
9.8
CVSSv3
CVE-2018-18427
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.
S-cms S-cms 3.0
6.1
CVSSv3
CVE-2018-19145
An issue exists in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
S-cms S-cms 1.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »