CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-39486

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://www.navidkagalwalla.com/gila-cms-vulnerabilities
https://www.navidkagalwalla.com/gila-cms-vulnerabilities

Products affected by CVE-2021-39486

Gilacms » Gila Cms » Version: 2.2.0

cpe:2.3:a:gilacms:gila_cms:2.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-39486

Products

Pricing

Contact Us