Every CVE whose affected-product data names Cmsuno Project Cmsuno, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-40889 — CVSS 9.8 (critical): CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to…
CVE-2020-25538 — CVSS 8.8 (high): An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in…
CVE-2020-25557 — CVSS 8.8 (high): In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when…
CVE-2021-36654 — CVSS 5.4 (medium): CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.