Filtered by vendor Publiccms Subscriptions
Total 32 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-21333 1 Publiccms 1 Publiccms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
CVE-2020-20915 1 Publiccms 1 Publiccms 2024-11-21 9.8 Critical
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.
CVE-2020-20914 1 Publiccms 1 Publiccms 2024-11-21 9.8 Critical
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.
CVE-2018-18927 1 Publiccms 1 Publiccms 2024-11-21 N/A
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.
CVE-2018-17368 1 Publiccms 1 Publiccms 2024-11-21 N/A
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-12914 1 Publiccms 1 Publiccms 2024-11-21 N/A
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
CVE-2018-12494 1 Publiccms 1 Publiccms 2024-11-21 N/A
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
CVE-2018-12493 1 Publiccms 1 Publiccms 2024-11-21 N/A
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
CVE-2018-11500 1 Publiccms 1 Publiccms 2024-11-21 N/A
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
CVE-2024-11175 1 Publiccms 1 Publiccms 2024-11-16 3.5 Low
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.
CVE-2024-46410 1 Publiccms 1 Publiccms 2024-10-10 4.8 Medium
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature
CVE-2024-42523 1 Publiccms 1 Publiccms 2024-08-23 7.2 High
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData