Browse all 3 CVE security advisories affecting siteserver. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SiteServer is a content management system primarily used for website building and management in China. Historically, it has been plagued by multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its three recorded CVEs. The platform's security posture has been compromised in several high-profile incidents, including mass exploitation campaigns that led to widespread server compromises. Its architecture often contains hardcoded credentials and insufficient input validation, making it a frequent target for attackers seeking to establish persistent access or deploy web shells. Despite these issues, it remains widely deployed in Chinese government and enterprise environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7435 | SSCMS v7.4.0 SQL Injection via stl:sqlContent queryString — SSCMSCWE-89 | 7.2 | High | 2026-04-30 |
| CVE-2026-7429 | SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing — SSCMSCWE-79 | 4.6 | Medium | 2026-04-30 |
| CVE-2023-2862 | SiteServer CMS search cross site scripting — CMSCWE-79 | 3.5 | Low | 2023-05-24 |
This page lists every published CVE security advisory associated with siteserver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.