Skip to main content

Evolution Cms

5 CVEs product

Monthly

CVE-2023-43340 PHP MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
CVSS 3.1
5.2
EPSS
0.5%
CVE-2023-43341 PHP MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-14518 MEDIUM POC This Month

Evolution CMS 2.0.x allows XSS via a description and new category location in a template. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-16638 PHP MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the manager/ search parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16637 PHP MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
EPSS 0% CVSS 5.2
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Evolution CMS 2.0.x allows XSS via a description and new category location in a template. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the manager/ search parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy