Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8438 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. | |||||
CVE-2019-8439 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | |||||
CVE-2019-8440 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | |||||
CVE-2018-18209 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | |||||
CVE-2018-19291 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | |||||
CVE-2018-18210 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | |||||
CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. |