Cross site scripting

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...

CVE-2017-11179

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...

CVE-2017-11180

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in 1 the User-Agent header of an HTTP request or 2 the username entered on the login screen...

FineCMS Stored Cross-Site Scripting Vulnerability

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework development for multiple terminals, including Pc-side web pages and mobile web pages, support for customized content models and member models, and can be customized fields, can be...

FineCMS Arbitrary File Write Vulnerability

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework development for multiple terminals, including Pc-side web pages and mobile web pages, support for customized content models and member models, and can be customized fields, can be...

CVE-2017-11179

CVE-2017-11179 affects FineCMS up to 2017-07-11. The vulnerability is a stored XSS in two routes: route=admin (modifying user information) and route=register (registering a user account). The documents do not provide root-cause specifics beyond the XSS description, nor do they include remediation...

Security update 2017-07-11

...

Security update 2017-07-11

...

Security update 2017-07-11

...