Filtered by vendor Publiccms
Subscriptions
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2911 | 1 Publiccms | 1 Publiccms | 2025-08-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7949 | 2 Publiccms, Sanluan | 2 Publiccms, Publiccms | 2025-08-20 | 3.5 Low |
| A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-7953 | 2 Publiccms, Sanluan | 2 Publiccms, Publiccms | 2025-08-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-25361 | 1 Publiccms | 1 Publiccms | 2025-07-01 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. | ||||
| CVE-2023-51252 | 1 Publiccms | 1 Publiccms | 2025-06-20 | 5.4 Medium |
| PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. | ||||
| CVE-2024-31759 | 1 Publiccms | 1 Publiccms | 2025-06-12 | 8.8 High |
| An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | ||||
| CVE-2024-46410 | 1 Publiccms | 1 Publiccms | 2025-04-23 | 4.8 Medium |
| PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature | ||||
| CVE-2024-42523 | 1 Publiccms | 1 Publiccms | 2025-04-21 | 7.2 High |
| publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData | ||||
| CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2025-03-26 | 8.8 High |
| PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | ||||
| CVE-2024-40544 | 1 Publiccms | 1 Publiccms | 2025-03-26 | 8.8 High |
| PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. | ||||
| CVE-2024-40549 | 1 Publiccms | 1 Publiccms | 2025-03-25 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40547 | 1 Publiccms | 1 Publiccms | 2025-03-13 | 6.5 Medium |
| PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. | ||||
| CVE-2020-20915 | 1 Publiccms | 1 Publiccms | 2025-02-14 | 9.8 Critical |
| SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. | ||||
| CVE-2020-20914 | 1 Publiccms | 1 Publiccms | 2025-02-14 | 9.8 Critical |
| SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | ||||
| CVE-2023-34852 | 1 Publiccms | 1 Publiccms | 2024-12-18 | 9.8 Critical |
| PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. | ||||
| CVE-2024-11070 | 2 Publiccms, Sanluan | 2 Publiccms, Publiccms | 2024-11-23 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40551 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 6.2 Medium |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40550 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40548 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40546 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||