CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-19158

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.8%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/TL-swallow/swallow/blob/master/S-CMS%20XSS1.docx
https://github.com/TL-swallow/swallow/blob/master/S-CMS%20XSS1.docx

Products affected by CVE-2020-19158

S-Cms » S-Cms » Version: 2019-10-14

cpe:2.3:a:s-cms:s-cms:2019-10-14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-19158

Products

Pricing

Contact Us