Filtered by vendor Sscms
Subscriptions
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4222 | 1 Sscms | 1 Sscms | 2026-03-17 | 3.8 Low |
| A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4234 | 1 Sscms | 1 Sscms | 2026-03-16 | 6.3 Medium |
| A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-52237 | 1 Sscms | 1 Sscms | 2025-08-15 | 6.5 Medium |
| An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. | ||||
| CVE-2025-45529 | 1 Sscms | 1 Siteserver Cms | 2025-06-30 | 7.1 High |
| An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor. | ||||
| CVE-2023-43953 | 1 Sscms | 1 Sscms | 2025-05-29 | 5.4 Medium |
| SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | ||||
| CVE-2022-44297 | 1 Sscms | 1 Siteserver Cms | 2025-03-31 | 9.8 Critical |
| SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. | ||||
| CVE-2022-44298 | 1 Sscms | 1 Siteserver Cms | 2025-03-28 | 9.8 Critical |
| SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | ||||
| CVE-2022-44299 | 1 Sscms | 1 Siteserver Cms | 2025-03-19 | 4.9 Medium |
| SiteServerCMS 7.1.3 sscms has a file read vulnerability. | ||||
| CVE-2023-2862 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 6.1 Medium |
| siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-28118 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 9.8 Critical |
| SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | ||||
| CVE-2021-42656 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 5.4 Medium |
| SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-42655 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 8.8 High |
| SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | ||||
| CVE-2021-42654 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 9.8 Critical |
| SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | ||||
Page 1 of 1.