SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NSscms
APPSscms7.2.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2025-52237MEDIUM6.5ten sam produkt
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directo...
CVE-2022-44298CRITICAL9.8ten sam vendor
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.
CVE-2022-44297CRITICAL9.8ten sam vendor
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.
CVE-2021-42654CRITICAL9.8ten sam vendor
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which co...
CVE-2022-28118CRITICAL9.8ten sam vendor
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.