threat
engine
.sh
Back
·
··:··
Home
/
Product
/
sscms siteserver cms
Product
sscms siteserver cms
15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-52237
all versions
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
6.5
MEDIUM
CVE-2025-45529
all versions
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files
7.1
HIGH
CVE-2023-43953
all versions
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.
5.4
MEDIUM
CVE-2023-43952
all versions
SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.
5.4
MEDIUM
CVE-2023-43951
all versions
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.
5.4
MEDIUM
CVE-2023-2862
<= 7.2.1
A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of
3.5
LOW
CVE-2022-44299
all versions
SiteServerCMS 7.1.3 sscms has a file read vulnerability.
4.9
MEDIUM
CVE-2022-44298
all versions
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.
9.8
CRITICAL
CVE-2022-44297
all versions
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.
9.8
CRITICAL
CVE-2022-30349
all versions
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
6.1
MEDIUM
CVE-2021-42656
all versions
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
5.4
MEDIUM
CVE-2021-42655
all versions
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
8.8
HIGH
CVE-2021-42654
< 5.1
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execu
9.8
CRITICAL
CVE-2022-28118
>= 7.0.0 and <= 7.1.2
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
9.8
CRITICAL
CVE-2006-1405
<= 2.1.0
Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allo
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin