9 matches found
Cross site scripting
FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...
CVE-2017-11180
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in 1 the User-Agent header of an HTTP request or 2 the username entered on the login screen...
CVE-2017-11179
FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...
CVE-2017-11179
CVE-2017-11179 affects FineCMS up to 2017-07-11. The vulnerability is a stored XSS in two routes: route=admin (modifying user information) and route=register (registering a user account). The documents do not provide root-cause specifics beyond the XSS description, nor do they include remediation...
FineCMS Stored Cross-Site Scripting Vulnerability
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework development for multiple terminals, including Pc-side web pages and mobile web pages, support for customized content models and member models, and can be customized fields, can be...
FineCMS Arbitrary File Write Vulnerability
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework development for multiple terminals, including Pc-side web pages and mobile web pages, support for customized content models and member models, and can be customized fields, can be...
Security update 2017-07-11
...
Security update 2017-07-11
...
Security update 2017-07-11
...