Page 4 of 24 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. Se ha descubierto un problema en MiniCMS 1.10. Hay una vulnerabilidad de Cross-Site Scripting (XSS) en mc-admin/post.php? • https://github.com/bg5sbk/MiniCMS/issues/23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. MiniCMS V1.10 tiene Cross-Site Scripting (XSS) mediante el parámetro tags en mc-admin/post-edit.php. • https://github.com/bg5sbk/MiniCMS/issues/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. Se ha descubierto un problema en MiniCMS 1.10. Hay una vulnerabilidad de Cross-Site Scripting (XSS) en post.php? • https://github.com/bg5sbk/MiniCMS/issues/21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1

mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field. mc-admin/post-edit.php en MiniCMS 1.10 permite la revelación de ruta completa mediante un campo id modificado. • https://github.com/bg5sbk/MiniCMS/issues/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1

mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. mc-admin/post.php en MiniCMS 1.10 permite que atacantes remotos obtengan una lista de directorios del directorio de nivel más alto de la raíz web mediante un enlace que se vuelve disponible tras publicar un artículo. • https://github.com/bg5sbk/MiniCMS/issues/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •