Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40881 | 1 Publiccms | 1 Publiccms | 2021-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. | |||||
| CVE-2020-21333 | 1 Publiccms | 1 Publiccms | 2021-07-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | |||||
| CVE-2018-17368 | 1 Publiccms | 1 Publiccms | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | |||||
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2019-05-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | |||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2019-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | |||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | |||||
| CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2018-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | |||||
| CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | |||||