Lucene search
K

55 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.11 views

CVE-2025-1177

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function importadd of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to...

9.8CVSS6.8AI score0.00699EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/29 5:1 p.m.7 views

CVE-2025-15144

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

6.1CVSS3.6AI score0.0031EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/28 6:30 p.m.8 views

EUVD-2025-205520

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.3CVSS5.2AI score0.0031EPSS
Exploits1References5
OSV
OSV
added 2025/12/28 5:16 p.m.8 views

CVE-2025-15144

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

6.1CVSS4.1AI score0.0031EPSS
Exploits1References4
NVD
NVD
added 2025/12/28 5:16 p.m.7 views

CVE-2025-15144

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

6.1CVSS0.0031EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/28 4:32 p.m.25 views

CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.3CVSS0.0031EPSS
Exploits1References4
CVE
CVE
added 2025/12/28 4:32 p.m.12 views

CVE-2025-15144

Summary: CVE-2025-15144 affects dayrui XunRuiCMS (up to 4.7.1) in the JSONP Callback Handler. The vulnerability stems from manipulation of the callback argument in the function dr_show_error/dr_exit_msg within /dayrui/Fcms/Init.php, enabling cross-site scripting. Exploitation can be performed rem...

6.1CVSS3.6AI score0.0031EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/28 4:32 p.m.4 views

CVE-2025-15144

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

6.1CVSS3.9AI score0.0031EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.7 views

PT-2025-53660

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A flaw exists in dayrui XunRuiCMS that allows for cross site scripting. The issue is located in the JSONP Callback Handler component, specifically within the dr show error/dr exit msg function ...

6.1CVSS5.2AI score0.0031EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.4 views

CVE-2025-14006

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field=add=site=1=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to cross site...

6.1CVSS5.3AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.6 views

CVE-2025-14007

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api=demo=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high complexity...

6.1CVSS5.1AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/05 1:33 p.m.7 views

CVE-2025-14005

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field=add=site=1=0 of the component Add Display Name Field. Executing a manipulation of the argument dataname can lead to cross site...

6.1CVSS3AI score0.00247EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/04 3:30 p.m.5 views

EUVD-2025-201188

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

5.1CVSS5AI score0.00232EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/04 3:30 p.m.6 views

EUVD-2025-201187

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

2CVSS4.7AI score0.00234EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/04 3:30 p.m.5 views

EUVD-2025-201160

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing manipulation of the argument dataname can lead to...

4.8CVSS2.7AI score0.00247EPSS
Exploits1References5
OSV
OSV
added 2025/12/04 3:15 p.m.5 views

CVE-2025-14006

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

6.1CVSS3.8AI score0.00232EPSS
Exploits1References4
OSV
OSV
added 2025/12/04 3:15 p.m.5 views

CVE-2025-14007

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

6.1CVSS4.1AI score0.00234EPSS
Exploits1References4
NVD
NVD
added 2025/12/04 3:15 p.m.5 views

CVE-2025-14006

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

6.1CVSS0.00232EPSS
Exploits1References4
CVE
CVE
added 2025/12/04 3:2 p.m.12 views

CVE-2025-14008

Dayrui XunRuiCMS

7.2CVSS6.5AI score0.00359EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/04 3:2 p.m.29 views

CVE-2025-14008 dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=testsitedomain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate t...

5.8CVSS0.00359EPSS
Exploits1References4
Rows per page
Query Builder