CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3975 – NukeViet CMS Data URL Request.php filterAttr cross site scripting
https://notcve.org/view.php?id=CVE-2022-3975
13 Nov 2022 — A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. • https://github.com/nukeviet/nukeviet • CWE-707: Improper Neutralization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30874
https://notcve.org/view.php?id=CVE-2022-30874
21 Jun 2022 — There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Se presenta una vulnerabilidad de tipo Cross Site Scripting almacenado (XSS) en NukeViet CMS versiones anteriores a 4.5.02 • https://blog.stmcyber.com/vulns/cve-2022-30874 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-22765
https://notcve.org/view.php?id=CVE-2020-22765
29 Jul 2021 — Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en NukeViet cms versión 4.4.0, por medio del editor en el módulo News • https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •