evolutioncms/evolution
Packagist4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting evolutioncms/evolutionpage 1 of 1
- CVE-2018-16637MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.4.62018-12-28
vulnerable: 1.4.2, 1.4.3, 1.4.4, 1.4.5
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
- CVE-2018-16638MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.4.62018-12-28
vulnerable: 1.4.2, 1.4.3, 1.4.4, 1.4.5
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
- CVE-2023-43340MEDIUMCVSS 5.2EG 5.22023-10-19
vulnerable: 1.4.10 ... 3.2.3 (44 versions)
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters
- CVE-2023-43341MEDIUMCVSS 6.1EG 6.12023-10-19
vulnerable: 1.4.10 ... 3.2.3 (44 versions)
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.
Check whether evolutioncms/evolution is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for evolutioncms/evolution CVEs against the assets you own.
Start Free Scan →