
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system. • https://github.com/wuzhicms/b2b/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. • https://github.com/wuzhicms/wuzhicms/issues/205#issue-1635153937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.7 • EPSS: 0% • CPEs: 1 • EXPL: 2

A directory traversal vulnerability was discovered in Wuzhicms 4.1.0 via /coreframe/app/attachment/admin/index.php. • https://github.com/Cigar-Fasion/CVE/issues/1 https://github.com/wuzhicms/wuzhicms/issues/202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

A reflected Cross Site Scripting (XSS) vulnerability in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. • https://github.com/wuzhicms/wuzhicms/issues/183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 that allow attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. • https://github.com/wuzhicms/wuzhicms/issues/198 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')