CVE-2022-50937
- EPSS 0.04%
- Published 13.01.2026 22:52:02
- Last modified 02.02.2026 16:16:17
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise...
CVE-2024-30614
- EPSS 0.15%
- Published 12.04.2024 06:15:06
- Last modified 11.04.2025 14:30:40
An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.
CVE-2022-26159
- EPSS 88.59%
- Published 28.02.2022 04:15:07
- Last modified 21.11.2024 06:53:32
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all charact...
CVE-2017-16935
- EPSS 7.14%
- Published 24.11.2017 07:29:00
- Last modified 20.04.2025 01:37:25
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing...