CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Sitemagic: >> Sitemagic >> 4.4.1 Security Vulnerabilities

CVE-2019-18219

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.

CVSS Score

6.1

EPSS Score

0.002

Published

2019-10-23

CVE-2019-18220

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.

CVSS Score

8.8

EPSS Score

0.006

Published

2019-10-23

Page 1

Vulnerabilities

Vulnerable Software

Sitemagic: >> Sitemagic >> 4.4.1 Security Vulnerabilities

Products

Pricing

Contact Us