Advisories for Nuget/SSCMS package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier …

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.

Unrestricted Upload of File with Dangerous Type

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.