CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16350
https://notcve.org/view.php?id=CVE-2018-16350
02 Sep 2018 — WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. WUZHI CMS 4.1.0 tiene Cross-Site Scripting (XSS) mediante el parámetro form[statcode] en index.php?m=coref=setv=basic. • https://github.com/wuzhicms/wuzhicms/issues/148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15893
https://notcve.org/view.php?id=CVE-2018-15893
27 Aug 2018 — A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. Se ha descubierto una inyección SQL en /coreframe/app/admin/copyfrom.php en WUZHI CMS 4.1.0 mediante el parámetro keywords en index.php?m=coref=copyfromv=listing. • https://github.com/wuzhicms/wuzhicms/issues/149 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15894
https://notcve.org/view.php?id=CVE-2018-15894
27 Aug 2018 — A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. Se ha descubierto una inyección SQL en /coreframe/app/admin/pay/admin/index.php en WUZHI CMS 4.1.0 mediante el parámetro keyValue en index.php?m=payf=indexv=listing. • https://github.com/wuzhicms/wuzhicms/issues/150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15603
https://notcve.org/view.php?id=CVE-2018-15603
21 Aug 2018 — An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen. Se ha descubierto un problema en Victor CMS hasta el 10/05/2018. Existe Cross-Site Scripting (XSS) mediante el campo Author de la pantalla "Leave a Comment". • https://github.com/VictorAlagwu/CMSsite/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15564
https://notcve.org/view.php?id=CVE-2018-15564
20 Aug 2018 — An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. Se ha descubierto un problema en daveismyname simple-cms hasta el 11/03/2014. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede eliminar cualquier página mediante admin/? • https://github.com/daveismyname/simple-cms/issues/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15565
https://notcve.org/view.php?id=CVE-2018-15565
20 Aug 2018 — An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. Se ha descubierto un problema en daveismyname simple-cms hasta el 11/03/2014 en el que admin/addpage.php no requiere la autenticación para añadir una página. Esto también se puede explotar mediante Cross-Site Request Forgery (CSRF). • https://github.com/daveismyname/simple-cms/issues/2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14513
https://notcve.org/view.php?id=CVE-2018-14513
23 Jul 2018 — An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro form[content] en el URI index.php? • https://github.com/wuzhicms/wuzhicms/issues/145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14515
https://notcve.org/view.php?id=CVE-2018-14515
23 Jul 2018 — A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Se ha descubierto una inyección SQL en WUZHI CMS 4.1.0 que permite que atacantes remotos inyecten una instrucción SQL maliciosa mediante el parámetro keywords en index.php?m=promotef=indexv=search. • https://github.com/wuzhicms/wuzhicms/issues/146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14500
https://notcve.org/view.php?id=CVE-2018-14500
22 Jul 2018 — joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. joyplus-cms 1.6.0 tiene Cross-Site Scripting (XSS) en manager/collect/collect_vod_zhuiju.php mediante el parámetro keyword. • https://github.com/joyplus/joyplus-cms/issues/431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14388
https://notcve.org/view.php?id=CVE-2018-14388
18 Jul 2018 — joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. joyplus-cms 1.6.0 tiene Cross-Site Scripting (XSS) en manager/admin_ajax.php mediante el parámetro del array can_search_device. • https://github.com/joyplus/joyplus-cms/issues/429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •