Product:

Siteserver_cms

(Sscms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 10
Date Id Summary Products Score Patch Annotated
2025-05-27 CVE-2025-45529 An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor. Siteserver_cms N/A
2023-02-16 CVE-2022-44299 SiteServerCMS 7.1.3 sscms has a file read vulnerability. Siteserver_cms 4.9
2022-05-03 CVE-2022-28118 SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. Siteserver_cms 9.8
2022-05-24 CVE-2021-42654 SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. Siteserver_cms 9.8
2022-05-24 CVE-2021-42655 SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. Siteserver_cms 8.8
2022-05-24 CVE-2021-42656 SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. Siteserver_cms 5.4
2022-06-02 CVE-2022-30349 siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). Siteserver_cms 6.1
2023-01-26 CVE-2022-44297 SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. Siteserver_cms 9.8
2023-01-27 CVE-2022-44298 SiteServer CMS 7.1.3 is vulnerable to SQL Injection. Siteserver_cms 9.8
2023-05-24 CVE-2023-2862 A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. Siteserver_cms 6.1