Fiyo Cms vulnerabilities
26 known vulnerabilities affecting fiyo/fiyo_cms.
Total CVEs
26
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH8MEDIUM5
Vulnerabilities
Page 2 of 2
CVE-2017-17102P3HIGHCVSS 7.5v2.0.72017-12-04
CVE-2017-17102 [HIGH] CWE-89 CVE-2017-17102: Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
nvd
CVE-2014-9146P4MEDIUMCVSS 4.3PoCv2.0.1.82015-04-14
CVE-2014-9146 [MEDIUM] CWE-79 CVE-2014-9146: Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to in
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.
nvd
CVE-2020-35373P4MEDIUMCVSS 6.1v2.0.6.12021-06-17
CVE-2020-35373 [MEDIUM] CWE-79 CVE-2020-35373: In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
nvd
CVE-2018-18545P4MEDIUMCVSS 6.1v2.0.72018-10-21
CVE-2018-18545 [MEDIUM] CWE-79 CVE-2018-18545: Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
nvd
CVE-2017-13778P4MEDIUMCVSS 6.1v2.0.72017-08-30
CVE-2017-13778 [MEDIUM] CWE-79 CVE-2017-13778: Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
nvd
CVE-2014-4032P4MEDIUMCVSS 4.3v1.5.72014-06-11
CVE-2014-4032 [MEDIUM] CWE-79 CVE-2014-4032: Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allo
Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.
nvd
← Previous2 / 2