汇总 clippercms 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本、SSRF与CSRF 相关,可能在 生产负载与软件部署 场景中带来 会话劫持 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2022-41497 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | [email protected] | 9.8 | 0.38% | 2022-10-13 | 2025-05-15 |
| CVE-2022-41495 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | [email protected] | 9.8 | 0.43% | 2022-10-13 | 2025-05-15 |
| CVE-2018-12101 | CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | [email protected] | 5.4 | 0.35% | 2019-08-15 | 2024-11-21 |
| CVE-2018-19424 | ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | [email protected] | 7.2 | 0.65% | 2018-11-21 | 2024-11-21 |
| CVE-2018-19135 | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | [email protected] | 8.8 | 0.28% | 2018-11-11 | 2024-11-21 |
| CVE-2018-13998 | ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. | [email protected] | 4.8 | 0.24% | 2018-07-12 | 2024-11-21 |
| CVE-2018-13106 | ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | [email protected] | 4.8 | 0.24% | 2018-07-03 | 2024-11-21 |
| CVE-2018-11572 | ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. | [email protected] | 5.4 | 0.21% | 2018-05-31 | 2024-11-21 |
| CVE-2018-11571 | ClipperCMS 1.3.3 allows Session Fixation. | [email protected] | 8.8 | 0.33% | 2018-05-31 | 2024-11-21 |
| CVE-2018-11332 | Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. | [email protected] | 4.8 | 0.23% | 2018-05-24 | 2024-11-21 |