Skip to main content

Ulicms

3 CVEs product

Monthly

CVE-2020-12704 MEDIUM POC This Month

UliCMS before 2020.2 has PageController stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ulicms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-12703 MEDIUM This Month

UliCMS before 2020.2 has XSS during PackageController uninstall. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ulicms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-11398 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ulicms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

UliCMS before 2020.2 has PageController stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ulicms
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

UliCMS before 2020.2 has XSS during PackageController uninstall. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ulicms
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ulicms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy