Note: This project will be discontinued after December 13, 2021.
Product: Publiccms (Publiccms)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 28 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-09-15 | CVE-2021-40881 | An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. | Publiccms | 9.8 | ||
2021-07-09 | CVE-2020-21333 | Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | Publiccms | 5.4 | ||
2018-06-15 | CVE-2018-12493 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | Publiccms | 6.5 | ||
2018-11-04 | CVE-2018-18927 | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | Publiccms | 4.8 | ||
2018-09-23 | CVE-2018-17368 | An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | Publiccms | 5.3 | ||
2018-06-27 | CVE-2018-12914 | A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | Publiccms | 9.8 | ||
2018-06-15 | CVE-2018-12494 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | Publiccms | 6.5 | ||
2018-05-26 | CVE-2018-11500 | An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | Publiccms | 8.8 | ||