Skip to main content

Clippercms

9 CVEs product

Monthly

CVE-2022-41497 CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41495 CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2018-19424 HIGH This Week

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Clippercms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-19135 HIGH POC This Week

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload CSRF Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-13998 MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-13106 MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-11572 MEDIUM POC This Month

ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11571 HIGH This Week

ClipperCMS 1.3.3 allows Session Fixation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Clippercms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-11332 MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Clippercms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload CSRF Clippercms
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

ClipperCMS 1.3.3 allows Session Fixation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Clippercms
NVD GitHub
EPSS 2% CVSS 4.8
MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clippercms
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy