Total: 12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-20523 | 1 Gilacms | 1 Gila Cms | 2023-08-16 | N/A | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. |
| CVE-2021-39486 | 1 Gilacms | 1 Gila Cms | 2021-10-12 | 3.5 LOW | 5.4 MEDIUM | A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. |
| CVE-2020-20696 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. |
| CVE-2020-20695 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. |
| CVE-2019-20803 | 1 Gilacms | 1 Gila Cms | 2020-06-23 | 4.3 MEDIUM | 6.1 MEDIUM | Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. |
| CVE-2020-5512 | 1 Gilacms | 1 Gila Cms | 2020-01-08 | 6.8 MEDIUM | 6.8 MEDIUM | Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. |
| CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2020-01-08 | 6.8 MEDIUM | 6.8 MEDIUM | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. |
| CVE-2019-17536 | 1 Gilacms | 1 Gila Cms | 2019-10-17 | 4.0 MEDIUM | 4.9 MEDIUM | Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. |
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM | Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. |
| CVE-2019-16679 | 1 Gilacms | 1 Gila Cms | 2019-09-23 | 4.0 MEDIUM | 4.9 MEDIUM | Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. |
| CVE-2019-9647 | 1 Gilacms | 1 Gila Cms | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM | Gila CMS 1.9.1 has XSS. |
| CVE-2019-11515 | 1 Gilacms | 1 Gila Cms | 2019-04-27 | 4.0 MEDIUM | 4.9 MEDIUM | core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. |
