U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:dilicms:dilicms:2.4.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2019-8440

An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.

Published: March 07, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-8439

An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.

Published: March 07, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-8438

An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.

Published: March 07, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-19291

An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.

Published: November 15, 2018; 1:29:00 AM -0500 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2018-18210

XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.

Published: October 10, 2018; 12:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-18209

XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.

Published: October 10, 2018; 12:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-10430

An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.

Published: April 26, 2018; 1:29:00 PM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW