CVE-2019-8438
- EPSS 0.24%
- Veröffentlicht 07.03.2019 23:29:01
- Zuletzt bearbeitet 21.11.2024 04:49:54
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.
CVE-2019-8439
- EPSS 0.21%
- Veröffentlicht 07.03.2019 23:29:01
- Zuletzt bearbeitet 21.11.2024 04:49:54
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.
CVE-2019-8440
- EPSS 0.24%
- Veröffentlicht 07.03.2019 23:29:01
- Zuletzt bearbeitet 21.11.2024 04:49:54
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.
CVE-2018-19291
- EPSS 0.08%
- Veröffentlicht 15.11.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:41
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
CVE-2018-18209
- EPSS 0.24%
- Veröffentlicht 10.10.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:32
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.
CVE-2018-18210
- EPSS 0.24%
- Veröffentlicht 10.10.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:32
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.
CVE-2018-10430
- EPSS 0.24%
- Veröffentlicht 26.04.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:21
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.