4 results (0.004 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18410

https://notcve.org/view.php?id=CVE-2020-18410

27 Jun 2023 — A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges. • https://github.com/GodEpic/chaojicms/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18413

https://notcve.org/view.php?id=CVE-2020-18413

27 Jun 2023 — Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. • https://github.com/GodEpic/chaojicms/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18414

https://notcve.org/view.php?id=CVE-2020-18414

27 Jun 2023 — Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. • https://github.com/GodEpic/chaojicms/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19962

https://notcve.org/view.php?id=CVE-2020-19962

14 Oct 2021 — A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en la función getClientIp en el archivo /lib/tinwin.class.php de Chaoji CMS 2.39, permite a atacantes ejecutar scripts web arbitrarios • https://github.com/zhuxianjin/vuln_repo/blob/master/chaojicms_stored_xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •