Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

5none Security Vulnerabilities

cve
cve

CVE-2020-18282

Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback...

6.1CVSS

6.3AI Score

0.001EPSS

2023-05-08 02:15 PM
14
cve
cve

CVE-2020-23376

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS...

6.1CVSS

6AI Score

0.001EPSS

2021-05-10 11:15 PM
43
3
cve
cve

CVE-2020-18647

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component...

7.5CVSS

6.8AI Score

0.009EPSS

2021-06-22 03:15 PM
19
cve
cve

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component...

7.5CVSS

6.8AI Score

0.009EPSS

2021-06-22 03:15 PM
19
2
cve
cve

CVE-2020-23371

Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName...

6.1CVSS

6.3AI Score

0.001EPSS

2021-05-10 11:15 PM
37
2
cve
cve

CVE-2020-23374

Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name...

5.4CVSS

5.9AI Score

0.001EPSS

2021-05-10 11:15 PM
32
3
cve
cve

CVE-2020-23373

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name...

5.4CVSS

5.9AI Score

0.001EPSS

2021-05-10 11:15 PM
36
3
cve
cve

CVE-2019-16721

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin...

6.5CVSS

7.4AI Score

0.001EPSS

2019-09-23 02:15 PM
21
cve
cve

CVE-2018-20062

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query...

9.8CVSS

9.7AI Score

0.967EPSS

2018-12-11 06:29 PM
971
In Wild
9
cve
cve

CVE-2018-7219

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html...

8.8CVSS

7.5AI Score

0.001EPSS

2018-02-19 02:29 PM
21
cve
cve

CVE-2018-6022

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path...

6.5CVSS

7.2AI Score

0.001EPSS

2018-01-23 06:29 AM
19
cve
cve

CVE-2018-6029

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn"...

7.5CVSS

7.6AI Score

0.008EPSS

2018-01-23 06:29 AM
20