Diafan Diafan.Cms vulnerabilities
2 known vulnerabilities affecting diafan/diafan.cms.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2011-5318 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | PoC | ≤ 5.0 | 2015-01-01
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post act
nvd
CVE-2023-37164 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v6.0 | 2023-07-20
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting vulnerability via the cat_id parameter at /shop/?module=shop&action=search.
nvd