CVSS: 7.1EPSS: 53%CPEs: 1EXPL: 2CVE-2023-30868 – WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-30868
20 Apr 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions. The CMS Tree Page View plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_type' parameter in versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an act... • https://packetstorm.news/files/id/172730 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1746 – Dreamer CMS File Upload cross site scripting
https://notcve.org/view.php?id=CVE-2023-1746
30 Mar 2023 — A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability. • https://github.com/iteachyou-wjn/dreamer_cms/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1484 – xzjie cms upload unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1484
18 Mar 2023 — A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367. • https://gitee.com/xzjie/cms/issues/I6INIT • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27084
https://notcve.org/view.php?id=CVE-2023-27084
16 Mar 2023 — Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. • https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25452 – WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25452
13 Mar 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. The CMS Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesse... • https://patchstack.com/database/vulnerability/cms-press/wordpress-cms-press-plugin-0-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4328 – 狮子鱼CMS ApiController.class.php goods_detail sql injection
https://notcve.org/view.php?id=CVE-2021-4328
02 Mar 2023 — A vulnerability has been found in 狮子鱼CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://hammerking.top/index.php/archives/104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35290
https://notcve.org/view.php?id=CVE-2021-35290
24 Feb 2023 — File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. • https://github.com/anibalgomezprojects/balerocms-src/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33925
https://notcve.org/view.php?id=CVE-2021-33925
15 Feb 2023 — SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login. • https://github.com/nitinp1232/cms-corephp/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36503
https://notcve.org/view.php?id=CVE-2021-36503
03 Feb 2023 — SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. • https://github.com/Fanli2012/native-php-cms/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0513 – isoftforce Dreamer CMS cross site scripting
https://notcve.org/view.php?id=CVE-2023-0513
26 Jan 2023 — A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •