汇总 sscms 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本、SQL 注入与路径处理缺陷 相关,可能在 软件部署与生产负载 场景中带来 会话劫持与数据泄露 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-52237 | An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. | [email protected] | 6.5 | 0.34% | 2025-08-05 | 2025-08-15 |
| CVE-2025-45529 | An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor. | [email protected] | 7.1 | 0.26% | 2025-05-27 | 2025-06-30 |
| CVE-2023-43953 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | [email protected] | 5.4 | 0.09% | 2023-10-03 | 2025-05-29 |
| CVE-2023-2862 | A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. | [email protected] | 3.5 | 0.59% | 2023-05-24 | 2024-11-21 |
| CVE-2022-44299 | SiteServerCMS 7.1.3 sscms has a file read vulnerability. | [email protected] | 4.9 | 0.41% | 2023-02-16 | 2025-03-19 |
| CVE-2022-44298 | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | [email protected] | 9.8 | 0.25% | 2023-01-27 | 2025-03-28 |
| CVE-2022-44297 | SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. | [email protected] | 9.8 | 0.23% | 2023-01-26 | 2025-03-31 |
| CVE-2022-30349 | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | [email protected] | 6.1 | 0.21% | 2022-06-02 | 2024-11-21 |
| CVE-2021-42656 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | [email protected] | 5.4 | 0.25% | 2022-05-24 | 2024-11-21 |
| CVE-2021-42655 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | [email protected] | 8.8 | 0.35% | 2022-05-24 | 2024-11-21 |
| CVE-2021-42654 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | [email protected] | 9.8 | 0.90% | 2022-05-24 | 2024-11-21 |
| CVE-2022-28118 | SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | [email protected] | 9.8 | 4.04% | 2022-05-03 | 2024-11-21 |