Filtered by vendor Cmseasy
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42644 | 1 Cmseasy | 1 Cmseasy | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. | |||||
| CVE-2021-42643 | 1 Cmseasy | 1 Cmseasy | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability. | |||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | |||||
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | |||||
| CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | |||||
| CVE-2018-11680 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | |||||