Gleez Cms vulnerabilities
6 known vulnerabilities affecting gleez/cms.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 4
Vulnerabilities
CVE-2018-15845 | P3 | HIGH | PoC | ≥ 0, ≤ 1.2.0 | 2022-05-14
CVE-2018-15845 [HIGH] CWE-352 Gleez CMS CSRF Allows Adding of Administrator Accounts
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via `admin/users/add`.
Sources: GHSA, OSV
CVE-2021-27312 | P3 | CRITICAL | ≥ 0, ≤ 1.2.0 | 2024-04-03
CVE-2021-27312 [CRITICAL] CWE-918 Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0 allows remote attackers to execute arbitrary code and obtain sensitive information via `modules/gleez/classes/request.php`.
Sources: GHSA, OSV
CVE-2018-7035 | P4 | MEDIUM | ≥ 0, ≤ 1.2.0 | 2022-05-14
CVE-2018-7035 [MEDIUM] CWE-79 Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Sources: GHSA, OSV
CVE-2018-1999021 | P4 | MEDIUM | ≥ 0, ≤ 1.3.0 | 2022-05-14
CVE-2018-1999021 [MEDIUM] CWE-79 Gleez Cms Cross-site Scripting in Profile Page
Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. The victim must navigate to the attacker's profile page to exploit this vulnerability.
Sources: GHSA, OSV
CVE-2018-16347 | P4 | MEDIUM | ≥ 0, ≤ 1.2.0 | 2022-05-14
CVE-2018-16347 [MEDIUM] CWE-79 Gleez CMS Vulnerable to Cross-site Scripting in media/imagecache/resize
An issue was discovered in Gleez CMS v1.2.0. There is XSS via `media/imagecache/resize`.
Sources: GHSA, OSV
CVE-2018-16704 | P4 | MEDIUM | ≥ 0, ≤ 1.2.0 | 2022-05-13
CVE-2018-16704 [MEDIUM] CWE-639 Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view the profile pages of other users, as demonstrated by navigating to `user/3` on `demo.gleezcms.org`.
Sources: GHSA, OSV