Gilacms >> Gila Cms >> 2.2.0 Security Vulnerabilities
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible to another site owner just by knowing the other site's name and fuzzing for picture names. This leads to sensitive information disclosure.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-10-04
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies or passwords, or to run arbitrary code in a victim's browser.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-10-04

