CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34654
https://notcve.org/view.php?id=CVE-2023-34654
05 Jul 2023 — taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). • https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20725
https://notcve.org/view.php?id=CVE-2020-20725
20 Jun 2023 — Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. • https://github.com/taogogo/taocms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25785
https://notcve.org/view.php?id=CVE-2021-25785
02 Dec 2021 — Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. Se ha detectado que Taocms versión v2.5Beta5, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente Management column • https://github.com/taogogo/taocms/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25784
https://notcve.org/view.php?id=CVE-2021-25784
02 Dec 2021 — Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. Se ha detectado que Taocms versión v2.5Beta5, contiene una vulnerabilidad de inyección SQL ciega por medio de la función Edit Article • https://github.com/taogogo/taocms/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25783
https://notcve.org/view.php?id=CVE-2021-25783
02 Dec 2021 — Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. Se ha detectado que Taocms versión v2.5Beta5, contiene una vulnerabilidad de inyección SQL ciega por medio de la función Article Search • https://github.com/taogogo/taocms/issues/5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-7720
https://notcve.org/view.php?id=CVE-2019-7720
11 Feb 2019 — taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. taocms, hasta el 24/05/2014, permite la inyección de eval colocando código PHP en el parámetro db_name de install.php y, después, realizando una petición a config.php. • https://github.com/taogogo/taocms/issues/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •