Vulnerabilities (CVE)

Filtered by vendor Ucms Project Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-20781	1 Ucms Project	1 Ucms	2021-10-03	3.5 LOW	5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
CVE-2021-25809	1 Ucms Project	1 Ucms	2021-08-03	5.0 MEDIUM	5.3 MEDIUM
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
CVE-2020-24981	1 Ucms Project	1 Ucms	2021-07-21	5.0 MEDIUM	5.3 MEDIUM
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.
CVE-2018-16804	1 Ucms Project	1 Ucms	2019-03-08	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
CVE-2018-20597	1 Ucms Project	1 Ucms	2019-01-04	3.5 LOW	4.8 MEDIUM
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
CVE-2018-20600	1 Ucms Project	1 Ucms	2019-01-04	4.3 MEDIUM	6.1 MEDIUM
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
CVE-2018-20601	1 Ucms Project	1 Ucms	2019-01-04	3.5 LOW	4.8 MEDIUM
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
CVE-2018-17320	1 Ucms Project	1 Ucms	2018-11-13	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
CVE-2018-17034	1 Ucms Project	1 Ucms	2018-11-07	4.3 MEDIUM	6.1 MEDIUM
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter.