CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2245 – Cross-Site Scripting vulnerability in moziloCMS
https://notcve.org/view.php?id=CVE-2024-2245
07 Mar 2024 — Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter. Vulnerabilidad de Cross-Site Scripting en moziloCMS versión 2.0. Al enviar una solicitud POST al endpoint '/install.php', se podría ejecutar un payload de JavaScript en el parámetro 'nombre de usuario'. • https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-mozilocms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23357
https://notcve.org/view.php?id=CVE-2022-23357
03 Feb 2022 — mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. Se ha detectado que mozilo 2.0, es vulnerable a ataques de salto de directorio por medio del parámetro curent_dir • https://github.com/truonghuuphuc/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25394
https://notcve.org/view.php?id=CVE-2020-25394
09 Jul 2021 — A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en moziloCMS versión 2.0, permite a atacantes autenticados ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada introducida en el parámetro "Content" • https://github.com/mozilo/mozilo2.0/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •