Peithon

import base64
import re
import xml.dom.minidom
import json
import uuid
import struct
import string
import random
import hashlib
import time

Peithon

Product: S-CMS

CVE: CVE-2020-20701

Version: PHP enterprise edition v3.0

Vulnerability: Stored Cross-Site Scripting

Vulnerability Description:  A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Peithon

Product: S-CMS

CVE: CVE-2020-20700

Version: PHP enterprise edition v3.0

Vulnerability: Stored Cross-Site Scripting

Vulnerability Description:  A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.

Peithon

Product: S-CMS

CVE: CVE-2020-20699

Version: PHP enterprise edition v3.0

Vulnerability: Stored Cross-Site Scripting

Vulnerability Description:  A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.

Peithon

Product: S-CMS

CVE: CVE-2020-20698

Version: PHP enterprise edition v3.0

Vulnerability: Remote Code Execution

Vulnerability Description:  A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

Peithon

Product: LightCMS

CVE: CVE-2021-3355

Version: v1.3.4

Vulnerability: Stored Cross-Site Scripting

Vulnerability Description:  LightCMS v1.3.4 allowing an attacker to execute HTML or JavaScript code via "exclusive" parameter at `/admin/SensitiveWords` page.