CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11175 – Public CMS Voting Management save cross site scripting
https://notcve.org/view.php?id=CVE-2024-11175
13 Nov 2024 — A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46410
https://notcve.org/view.php?id=CVE-2024-46410
08 Oct 2024 — PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature • https://gitee.com/sanluan/PublicCMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42523
https://notcve.org/view.php?id=CVE-2024-42523
23 Aug 2024 — publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData • https://gist.github.com/ilikeoyt/3dbbca2679c2551eaaeaea9c83acf1a1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40548
https://notcve.org/view.php?id=CVE-2024-40548
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALCK • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40543
https://notcve.org/view.php?id=CVE-2024-40543
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. • https://gitee.com/sanluan/PublicCMS/issues/IAAITR • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40551
https://notcve.org/view.php?id=CVE-2024-40551
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAM5W • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40549
https://notcve.org/view.php?id=CVE-2024-40549
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALNE • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40550
https://notcve.org/view.php?id=CVE-2024-40550
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALWJ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40547
https://notcve.org/view.php?id=CVE-2024-40547
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. • https://gitee.com/sanluan/PublicCMS/issues/IAAL70 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40545
https://notcve.org/view.php?id=CVE-2024-40545
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAIZD • CWE-434: Unrestricted Upload of File with Dangerous Type •