Page 25 of 201 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. joyplus-cms versión 1.6.0, permite un salto de ruta absoluto de manager/admin_pic.php?rootpath=. • https://github.com/joyplus/joyplus-cms/issues/443 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. Frog CMS versión 1.1 se ve afectado por: Cross Site Scripting (XSS). El impacto es: robo de cookies, pop-up de alerta en la página, redireccionamiento a otro sitio de phishing, ejecución de vulnerabilidades del navegador. • https://somerandomshitwbu.blogspot.com/2019/01/stored-xss-in-frog-cms-open-source.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. njiandan-cms hasta el 23/05/2013 tiene Cross-Site Request Forgery (CSRF) en index.php/admin/user_new para añadir a un administrador. • https://github.com/beyond7176/njiandan-cms/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. admin/?/plugin/file_manager en Frog CMS 0.9.5 permite la ejecución de código PHP creando un nuevo archivo .php que contiene código PHP y visitando dicho archivo bajo el URI public/. • https://github.com/philippe/FrogCMS/issues/27 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) mediante el campo Body en admin/?/layout/edit/1. • https://github.com/philippe/FrogCMS/issues/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •