CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18414
https://notcve.org/view.php?id=CVE-2020-18414
Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. • https://github.com/GodEpic/chaojicms/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18410
https://notcve.org/view.php?id=CVE-2020-18410
A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges. • https://github.com/GodEpic/chaojicms/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18413
https://notcve.org/view.php?id=CVE-2020-18413
Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. • https://github.com/GodEpic/chaojicms/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-20636
https://notcve.org/view.php?id=CVE-2020-20636
SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. • https://github.com/joyplus/joyplus-cms/issues/447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33604
https://notcve.org/view.php?id=CVE-2023-33604
Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request. Se ha descubierto que Imperial CMS v7.5 contiene una vulnerabilidad de eliminación arbitraria de archivos a través de la función "DelspReFile" en "/sp/ListSp.php". Esta vulnerabilidad es explotada por atacantes a través de una petición POST manipulada. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257484 https://www.mubucm.com/doc/38rCUPucWz •