CVE-2023-34654
https://notcve.org/view.php?id=CVE-2023-34654
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). • https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960 https://github.com/ae6e361b/taocms-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-20725
https://notcve.org/view.php?id=CVE-2020-20725
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php. • https://github.com/taogogo/taocms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1947 – taoCMS admin.php code injection
https://notcve.org/view.php?id=CVE-2023-1947
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. • https://gitee.com/misak7in/cve/blob/master/taocms.md https://vuldb.com/?ctiid.225330 https://vuldb.com/?id.225330 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-34167
https://notcve.org/view.php?id=CVE-2021-34167
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. • https://github.com/taogogo/taocms/issues/6 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-48006
https://notcve.org/view.php?id=CVE-2022-48006
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. • https://github.com/taogogo/taocms/issues/35 • CWE-434: Unrestricted Upload of File with Dangerous Type