Twilightcms Twilight Cms vulnerabilities
3 known vulnerabilities affecting twilightcms/twilight_cms.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2013-4900P3MEDIUMCVSS 5.0PoCv5.172013-09-09
CVE-2013-4900 [MEDIUM] CWE-22 CVE-2013-4900: Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twiligh
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
nvd
CVE-2009-3856P4MEDIUMCVSS 4.3PoCfixed in 4.12009-11-04
CVE-2009-3856 [MEDIUM] CWE-79 CVE-2009-3856: Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allo
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information.
nvd
CVE-2013-4899P4MEDIUMCVSS 4.3≤ 5.172013-09-09
CVE-2013-4899 [MEDIUM] CWE-79 CVE-2013-4899: Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote att
Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page.
nvd