unacms/UNA

unacms/UNA

Releases91

Frequency1 month 2 weeks

Last Release 8 days ago

Stars314

UNA Community Management System

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-66571 ↗	Dec 4, 2025Thursday, 4 December 2025, 21:16	—	—
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
CVE-2019-14805 ↗	Aug 9, 2019Friday, 9 August 2019, 14:15	—	3.5 LOW
studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.
CVE-2019-14804 ↗	Aug 9, 2019Friday, 9 August 2019, 14:15	—	3.5 LOW
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.