177 matches found
CVE-2019-17607
HongCMS 3.0.0 has XSS via the install/index.php servername parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php servername parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter...
CVE-2019-17611
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter...
CVE-2019-17611
HongCMS 3.0.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the install/index.php tableprefix parameter. The issue allows injection of client-side script via the tableprefix input, enabling potentially arbitrary code execution in the context of a user session. The available documen...
CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter...
CVE-2019-17610
CVE-2019-17610 affects HongCMS 3.0.0 with a cross-site scripting (XSS) vulnerability in the install/index.php dbpassword parameter. The root cause is a lack of proper input validation or encoding for the dbpassword field, enabling injection of malicious script when data is reflected in the page. ...
CVE-2019-17609
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter...
CVE-2019-17609
CVE-2019-17609 : HongCMS 3.0.0 exposes a cross-site scripting vulnerability via the install/index.php dbusername parameter. The issue is described across multiple sources (NVD/CNVD) as allowing client-side code execution in the context of an affected user. CVSSv3.1 base score is 6.1 (MEDIUM) with...
CVE-2019-17608
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter...
CVE-2019-17608
Affected software: HongCMS 3.0.0. Vulnerability: Cross-Site Scripting via the install/index.php dbname parameter. Vector/Root cause: unsanitized/input handling leads to client-side script execution. Impact: attacker can execute client-side code. References: NVD entry describes XSS via the dbname ...
CVE-2019-17607
HongCMS 3.0.0 has XSS via the install/index.php servername parameter...
CVE-2019-17607
CVE-2019-17607 affects HongCMS 3.0.0 with a cross-site scripting (XSS) vulnerability exploitable via the install/index.php servername parameter. Reported impact in CNVD/NVD notes client-side code execution; the CNVD entry explicitly describes XSS, while the NVD entry summarizes the risk. The avai...
File Upload Vulnerability in HongCMS
HongCMS is an open source lightweight content management system CMS. A file upload vulnerability exists in HongCMS. An attacker can exploit this vulnerability to gain server privileges...
Arbitrary File Read Vulnerability in HongCMS
HongCMS is an open source lightweight content management system CMS. An arbitrary file read vulnerability exists in HongCMS. An attacker can exploit this vulnerability to obtain sensitive information...
Code execution vulnerability in HongCMS (CNVD-2019-40721)
HongCMS is an open source lightweight content management system CMS. A code execution vulnerability exists in HongCMS. An attacker can exploit this vulnerability to gain server privileges...
Code execution vulnerability in HongCMS (CNVD-2019-40719)
HongCMS is an open source lightweight content management system CMS. A code execution vulnerability exists in HongCMS. An attacker can exploit this vulnerability to gain server privileges...
HongCMS suffers from an arbitrary file deletion vulnerability (CNVD-2019-40718)
HongCMS is an open source lightweight content management system CMS. HongCMS suffers from an arbitrary file deletion vulnerability. An attacker can exploit this vulnerability to delete arbitrary files...