3 matches found
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
CVE-2022-41472
CVE-2022-41472 affects 74cmsSE v3.12.0. The vulnerability is a Cross‑Site Scripting (XSS) in the API endpoint “/apiadmin/notice/add” where a crafted payload placed in the Title field can execute arbitrary web scripts/HTML in a user’s browser. The root cause is an input that is not properly saniti...
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...