
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jun 2022 — There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. • https://gitee.com/phpcms/phpcms/issues/I493K8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

24 Mar 2019 — PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. • https://github.com/sharemice/phpcms_xss/blob/master/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2018 — libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. • http://www.an-sheng.cc/index.php/archives/4 • CWE-94: Improper Control of Generation of Code ('Code Injection')