clippercms CVE Vulnerabilities & Metrics

Focus on clippercms vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About clippercms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with clippercms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total clippercms CVEs: 10
Earliest CVE date: 24 May 2018, 16:29 UTC
Latest CVE date: 13 Oct 2022, 21:15 UTC

Latest CVE reference: CVE-2022-41497

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical clippercms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.76

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS clippercms CVEs

These are the five CVEs with the highest CVSS scores for clippercms, sorted by severity first and recency.

CVE-2018-19135 clippercms Published on 11 Nov 2018, 04:29 UTC (CVSS: 6.8)
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files"...
CVE-2018-11571 clippercms Published on 31 May 2018, 00:29 UTC (CVSS: 6.8)
ClipperCMS 1.3.3 allows Session Fixation.
CVE-2018-19424 clippercms Published on 21 Nov 2018, 21:29 UTC (CVSS: 6.5)
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
CVE-2018-12101 clippercms Published on 15 Aug 2019, 17:15 UTC (CVSS: 3.5)
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
CVE-2018-13998 clippercms Published on 12 Jul 2018, 12:29 UTC (CVSS: 3.5)
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.

All CVEs for clippercms

CVE-2022-41497 clippercms vulnerability CVSS: 0 13 Oct 2022, 21:15 UTC

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.

CVE-2022-41495 clippercms vulnerability CVSS: 0 13 Oct 2022, 21:15 UTC

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

CVE-2018-12101 clippercms vulnerability CVSS: 3.5 15 Aug 2019, 17:15 UTC

CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.

CVE-2018-19424 clippercms vulnerability CVSS: 6.5 21 Nov 2018, 21:29 UTC

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.

CVE-2018-19135 clippercms vulnerability CVSS: 6.8 11 Nov 2018, 04:29 UTC

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.

CVE-2018-13998 clippercms vulnerability CVSS: 3.5 12 Jul 2018, 12:29 UTC

ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.

CVE-2018-13106 clippercms vulnerability CVSS: 3.5 03 Jul 2018, 16:29 UTC

ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.

CVE-2018-11572 clippercms vulnerability CVSS: 3.5 31 May 2018, 00:29 UTC

ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.

CVE-2018-11571 clippercms vulnerability CVSS: 6.8 31 May 2018, 00:29 UTC

ClipperCMS 1.3.3 allows Session Fixation.

CVE-2018-11332 clippercms vulnerability CVSS: 3.5 24 May 2018, 16:29 UTC

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.