IDCVSSSummaryLast (major) updatePublished
CVE-2018-10430 3.5
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.
06-06-2018 - 12:56 26-04-2018 - 17:29
CVE-2018-18209 4.3
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.
21-11-2018 - 21:00 10-10-2018 - 16:29
CVE-2018-18210 4.3
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.
21-11-2018 - 21:03 10-10-2018 - 16:29
CVE-2018-19291 5.8
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
16-04-2019 - 12:37 15-11-2018 - 06:29
CVE-2019-8438 3.5
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.
08-03-2019 - 01:53 07-03-2019 - 23:29
CVE-2019-8439 3.5
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.
08-03-2019 - 01:52 07-03-2019 - 23:29
CVE-2019-8440 3.5
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.
08-03-2019 - 01:53 07-03-2019 - 23:29
Back to Top Mark selected
Back to Top