cbcvebase.

Ucms Project Ucms vulnerabilities

27 known vulnerabilities affecting ucms_project/ucms.

Total CVEs
27
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH7MEDIUM12

Vulnerabilities

Page 2 of 2
CVE-2018-17320P4MEDIUMCVSS 6.1v1.4.62018-09-21
CVE-2018-17320 [MEDIUM] CWE-79 CVE-2018-17320: An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo p An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
nvd
CVE-2018-20600P4MEDIUMCVSS 6.1v1.4.72018-12-30
CVE-2018-20600 [MEDIUM] CWE-79 CVE-2018-20600: sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
nvd
CVE-2022-38527P4MEDIUMCVSS 6.1v1.62022-09-19
CVE-2022-38527 [MEDIUM] CWE-79 CVE-2022-38527: UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import func UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
nvd
CVE-2020-20781P4MEDIUMCVSS 5.4v1.4.72021-09-29
CVE-2020-20781 [MEDIUM] CWE-79 CVE-2020-20781: A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allo A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
nvd
CVE-2021-25809P4MEDIUMCVSS 5.3v1.5.02021-07-23
CVE-2021-25809 [MEDIUM] CWE-209 CVE-2021-25809: UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the ad UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
nvd
CVE-2018-20601P4MEDIUMCVSS 4.8v1.4.72018-12-30
CVE-2018-20601 [MEDIUM] CWE-79 CVE-2018-20601: UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
nvd
CVE-2018-20597P4MEDIUMCVSS 4.8v1.4.72018-12-30
CVE-2018-20597 [MEDIUM] CWE-79 CVE-2018-20597: UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
nvd