SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
9.8CVSS
9.5AI Score
0.003EPSS
8.8CVSS
9AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
9.8CVSS
9.6AI Score
0.005EPSS
6.1CVSS
6AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.002EPSS
9.8CVSS
9.5AI Score
0.002EPSS
4.9CVSS
5AI Score
0.001EPSS
A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...
6.1CVSS
5.9AI Score
0.001EPSS