chekun/DiliCMS

chekun/DiliCMS

www.dilicms.com

Releases14

Frequency1 month 2 weeks

Last Release over 11 years ago

Stars191

DiligentCMS

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-8438 ↗	Mar 7, 2019Thursday, 7 March 2019, 23:29	—	3.5 LOW
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.
CVE-2019-8439 ↗	Mar 7, 2019Thursday, 7 March 2019, 23:29	—	3.5 LOW
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.
CVE-2019-8440 ↗	Mar 7, 2019Thursday, 7 March 2019, 23:29	—	3.5 LOW
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.
CVE-2018-19291 ↗	Nov 15, 2018Thursday, 15 November 2018, 06:29	—	5.8 MEDIUM
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
CVE-2018-18209 ↗	Oct 10, 2018Wednesday, 10 October 2018, 16:29	—	4.3 MEDIUM
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.
CVE-2018-18210 ↗	Oct 10, 2018Wednesday, 10 October 2018, 16:29	—	4.3 MEDIUM
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.
CVE-2018-10430 ↗	Apr 26, 2018Thursday, 26 April 2018, 17:29	—	3.5 LOW
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.