gilacms/gila
Packagist | 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gilacms/gila (page 1 of 1)
- CVE-2020-20523 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.11.4 | 2023-08-11
  Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.
- CVE-2020-20693 | HIGH | CVSS 8.8 | EG 8.8 | 2021-09-27
  A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
- CVE-2020-20695 | MEDIUM | CVSS 5.4 | EG 5.4 | 2021-09-27
  A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
- CVE-2020-20696 | MEDIUM | CVSS 5.4 | EG 5.4 | 2021-09-27
  A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
- CVE-2020-20726 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-20
  Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
- CVE-2020-26623 | LOW | CVSS 3.8 | EG 6.5 | 2024-01-02
  SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
- CVE-2020-26624 | LOW | CVSS 3.8 | EG 3.8 | 2024-01-02
  A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
- CVE-2020-26625 | LOW | CVSS 3.8 | EG 3.8 | 2024-01-02
  A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.