lin-cms
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting lin-cms
- CVE-2020-18698 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-08-16
vulnerable: 0.1.1a1 ... 0.4.9 (36 versions)
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.
- CVE-2020-18699 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-08-16
vulnerable: 0.1.1a1 ... 0.4.9 (36 versions)
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the 'Username' parameter of the component 'app/api/cms/user.py'.
- CVE-2020-18701 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-08-16
vulnerable: 0.1.1a1 ... 0.4.9 (36 versions)
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying p…
- CVE-2022-44244 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-11-09
vulnerable: 0.1.1a1 ... 0.2.0b3 (15 versions)
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.