Every CVE whose affected-product data names Diafan Diafan.cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2011-5318 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of…
CVE-2023-37164 — CVSS 6.1 (medium): Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.