diafan CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

diafan vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to diafan, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-37164 | Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search. | [email protected] | 6.1 | 0.49% | 2023-07-20 | 2026-06-17 |
| CVE-2011-5318 | Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/. | [email protected] | 6.8 | 1.06% | 2015-01-01 | 2026-06-16 |
cvelogic Threat Intelligence