Ametys
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ametys.
By the Year
In 2026 there have been 1 vulnerability in Ametys with an average score of 6.1 out of ten. Ametys did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.10 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 5.30 |
It may take a day or so for new Ametys vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ametys Security Vulnerabilities
Persistent XSS in Ametys CMS 4.4.1 link dir input fields
CVE-2022-50937
6.1 - Medium
- January 13, 2026
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules.
XSS
Ametys CMS v4.5.0: Sensitive info disclosure via error scope
CVE-2024-30614
- April 12, 2024
An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.
The auto-completion plugin in Ametys CMS before 4.5.0
CVE-2022-26159
5.3 - Medium
- February 28, 2022
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
forced browsing
