
CVE-2022-3975 – NukeViet CMS Data URL Request.php filterAttr cross site scripting
https://notcve.org/view.php?id=CVE-2022-3975
13 Nov 2022 — A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 addresses this issue. • https://github.com/nukeviet/nukeviet • CWE-707: Improper Neutralization

CVE-2022-30874
https://notcve.org/view.php?id=CVE-2022-30874
21 Jun 2022 — There is a stored Cross Site Scripting (XSS) vulnerability in NukeViet CMS before 4.5.02. • https://blog.stmcyber.com/vulns/cve-2022-30874 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-22765
https://notcve.org/view.php?id=CVE-2020-22765
29 Jul 2021 — Cross Site Scripting (XSS) vulnerability in NukeViet CMS 4.4.0 via the editor in the News module. • https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-13155
https://notcve.org/view.php?id=CVE-2020-13155
23 Jun 2020 — clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. • https://nukeviet.vn/en • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-13156
https://notcve.org/view.php?id=CVE-2020-13156
23 Jun 2020 — modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. • https://nukeviet.vn/en • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-13157
https://notcve.org/view.php?id=CVE-2020-13157
23 Jun 2020 — modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed. • https://nukeviet.vn/en • CWE-352: Cross-Site Request Forgery (CSRF)