Sitemagic - Sitemagic CVE

Filtered by vendor Sitemagic Subscribe

Filtered by product Sitemagic

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-18219	1 Sitemagic	1 Sitemagic	2019-10-24	4.3 MEDIUM	6.1 MEDIUM
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.
CVE-2019-10238	1 Sitemagic	1 Sitemagic	2019-03-28	4.3 MEDIUM	6.1 MEDIUM
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter.

Vulnerabilities (CVE)