Constructr : Security Vulnerabilities, CVEs,
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-19
Updated
2024-04-19
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-22
Updated
2024-02-22
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-22
Updated
2024-02-23
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
Max CVSS
5.1
EPSS Score
0.61%
Published
2009-01-06
Updated
2017-09-29
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.
Max CVSS
5.1
EPSS Score
0.17%
Published
2009-01-06
Updated
2017-09-29
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
Max CVSS
2.6
EPSS Score
0.19%
Published
2009-01-05
Updated
2017-09-29
9 vulnerabilities found