Gilacms: >> Gila Cms Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-27
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-27
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
CVSS Score
7.2
EPSS Score
0.005
Published
2020-11-16
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-05-21
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-05-21
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
CVSS Score
6.8
EPSS Score
0.008
Published
2020-01-06
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
CVSS Score
6.8
EPSS Score
0.026
Published
2020-01-06
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVSS Score
9.1
EPSS Score
0.008
Published
2020-01-06
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
CVSS Score
7.2
EPSS Score
0.641
Published
2020-01-06
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVSS Score
9.3
EPSS Score
0.003
Published
2019-10-13