
72 matches found

Cvelist
added 2022/10/13 12:0 a.m., 24 views

CVE-2022-41475

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account...

9 AI score, 0.00375 EPSS
Exploits 1, References 1

Cvelist
added 2022/10/13 12:0 a.m., 19 views

CVE-2022-41474

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account...

6.9 AI score, 0.00298 EPSS
Exploits 1, References 1

CNVD
added 2022/08/17 12:0 a.m., 11 views

SQL Injection Vulnerability in RPCMS (CNVD-2022-64528)

RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...

7.8 AI score
Exploits 0

CNVD
added 2022/08/12 12:0 a.m., 18 views

SQL injection vulnerability exists in RPCMS (CNVD-2022-64953)

RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...

2.4 AI score
Exploits 0

CNVD
added 2022/08/12 12:0 a.m., 20 views

SQL injection vulnerability exists in RPCMS (CNVD-2022-61944)

RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...

2.4 AI score
Exploits 0

CNVD
added 2022/07/19 12:0 a.m., 11 views

RPCMS has information leakage vulnerability

RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

1.6 AI score
Exploits 0

CNVD
added 2021/07/30 12:0 a.m., 22 views

RPCMS Cross-Site Scripting Vulnerability (CNVD-2021-61418)

RPCMS is a software application, a web CMS system. RPCMS suffers from a cross-site scripting vulnerability that stems from a failure to properly clean up the nickname variable before it is displayed on a page in RPCMS v1.8 versions and below. With the API functionality turned on, an attacker can...

5.4 CVSS, 5.2 AI score, 0.00527 EPSS
Exploits 1

OSV
added 2021/07/26 6:15 p.m., 4 views

CVE-2021-37392

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will...

5.4 CVSS, 6.1 AI score, 0.00527 EPSS
Exploits 1, References 2

NVD
added 2021/07/26 6:15 p.m., 18 views

CVE-2021-37392

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will...

5.4 CVSS, 0.00527 EPSS
Exploits 1, References 2

OSV
added 2021/07/26 6:15 p.m., 4 views

CVE-2021-37393

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

5.4 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits 1, References 2

NVD
added 2021/07/26 6:15 p.m., 10 views

CVE-2021-37393

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

5.4 CVSS, 0.00527 EPSS
Exploits 1, References 2

NVD
added 2021/07/26 6:15 p.m., 18 views

CVE-2021-37394

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...

8.8 CVSS, 0.01171 EPSS
Exploits 1, References 2

Prion
added 2021/07/26 6:15 p.m., 12 views

Design/Logic Flaw

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...

6 CVSS, 8.6 AI score, 0.01171 EPSS
Exploits 1, References 2, Affected Software 1

Prion
added 2021/07/26 6:15 p.m., 16 views

Cross site scripting

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

3.5 CVSS, 5.2 AI score, 0.00527 EPSS
Exploits 1, References 2, Affected Software 1

Prion
added 2021/07/26 6:15 p.m., 15 views

Cross site scripting

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will...

3.5 CVSS, 5.1 AI score, 0.00527 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2021/07/26 5:7 p.m., 50 views

CVE-2021-37394

RPCMS (v1.8 and earlier) contains an API-level flaw that allows attackers to alter the user role parameter to admin via the API, enabling admin account registration. The connected sources consistently describe this as a role-parameter manipulation vulnerability affecting RPCMS v1.8 and below, lea...

8.8 CVSS, 8.6 AI score, 0.01171 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/07/26 5:7 p.m., 18 views

CVE-2021-37394

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...

8.9 AI score, 0.01171 EPSS
Exploits 1, References 2

CVE
added 2021/07/26 5:5 p.m., 54 views

CVE-2021-37393

CVE-2021-37393 affects RPCMS v1.8 and earlier: the nickname variable is not sanitized before display, enabling stored XSS via the update password function. Users viewing articles by the injected user trigger the XSS. No remediation/fix details are provided in the connected documents.

5.4 CVSS, 5.2 AI score, 0.00527 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/07/26 5:5 p.m., 22 views

CVE-2021-37393

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

5.4 AI score, 0.00527 EPSS
Exploits 1, References 2

Cvelist
added 2021/07/26 5:3 p.m., 18 views

CVE-2021-37392

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will...

5.4 AI score, 0.00527 EPSS
Exploits 1, References 2