CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2024-6932 – ClassCMS cross site scripting
https://notcve.org/view.php?id=CVE-2024-6932
20 Jul 2024 — A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. • https://github.com/Hebing123/cve/issues/42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45966
https://notcve.org/view.php?id=CVE-2022-45966
22 Dec 2022 — here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. Aquí hay una vulnerabilidad de carga de archivos arbitraria en el módulo de función de administración de archivos de Classcms3.5. • https://github.com/yinfei6/classcms • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25582
https://notcve.org/view.php?id=CVE-2022-25582
25 Mar 2022 — A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el módulo Column de ClassCMS versiones v2.5 y anteriores, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el campo Add Articles • https://github.com/k0xx11/Vulscve/blob/master/classcms2.5-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •