CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7657 – Gila CMS HTTP POST Request page cross site scripting
https://notcve.org/view.php?id=CVE-2024-7657
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.274114 https://vuldb.com/?id.274114 https://vuldb.com/?submit.384630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7106 – Spina CMS media_folders cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7106
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md https://vuldb.com/?ctiid.272431 https://vuldb.com/?id.272431 https://vuldb.com/?submit.376769 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.9EPSS: 0%CPEs: 19EXPL: 1CVE-2024-7065 – Spina CMS cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7065
A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/topsky979/Security-Collections/blob/main/1700810/README.md https://vuldb.com/?ctiid.272346 https://vuldb.com/?id.272346 https://vuldb.com/?submit.375236 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31505
https://notcve.org/view.php?id=CVE-2023-31505
An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file. Una vulnerabilidad de carga de archivos arbitrarios en Schlix CMS v2.2.8-1 permite a atacantes remotos autenticados ejecutar código arbitrario y obtener información confidencial a través de un archivo .phtml manipulado. • https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31505 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46906
https://notcve.org/view.php?id=CVE-2023-46906
juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated. juzaweb <= 3.4 es vulnerable a un control de acceso incorrecto, lo que provoca una interrupción de la aplicación después de un código de estado HTTP 500. El payload en el campo de timezone no se validó correctamente. • https://github.com/juzaweb/cms https://www.sumor.top/index.php/archives/880 •