31 matches found
EUVD-2025-205524
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument...
CVE-2025-15149
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument...
CVE-2025-15149 rawchen ecms Add New Product updateProductServlet.java updateProductServlet cross site scripting
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument...
CVE-2025-15149
CVE-2025-15149 affects rawchen ecms, specifically the updateProductServlet in src/servlet/product/updateProductServlet.java (Add New Product Page). The vulnerability arises from manipulating the productName parameter, enabling cross-site scripting with remote exploitation. Public exploit details ...
PT-2025-53664
Name of the Vulnerable Software and Affected Versions: rawchen ecms (affected versions not specified) Description: A cross site scripting issue exists in rawchen ecms. The updateProductServlet function within the src/servlet/product/updateProductServlet.java file, specifically related to the Add New...
CVE-2025-10386
A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...
CVE-2025-10386 Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting
A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...
CVE-2025-10386
CVE-2025-10386 affects Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is in the POST Request Handler for the file path /login.do, where manipulating the argument requestUrl enables cross-site scripting. It can be triggered remotely, and public exploits exist. Reports not...
PT-2025-37397
Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0 Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component,...
Weak password vulnerability in ECMS
Changzhou Ruixin Technology is a manufacturer specializing in remote meter reading, energy consumption monitoring and energy control system construction. There is a weak password vulnerability in ECMS, which can be exploited by attackers to obtain sensitive information...
eCMS 0.4.2 - Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29304/info eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue. Exploiting these issues may allow an attacker to bypass certain security restrictions and gain...
Evaria ECMS 1.1 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30262/info ECMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and the...
ecms 0.4.2 (sql/pb) Multiple Vulnerabilities
No description provided by source. ...::::eCMS-v0.4.2 SQL/PB Multiple Remote Vulnerabilities ::::... Virangar Security Team www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to ...
Evaria ECMS Detection (HTTP)
HTTP based detection of Evaria ECMS. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.100838");...
Evaria ECMS <= 1.1 Directory Traversal Vulnerability
Evaria ECMS is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Evaria ECMS 'Poll.php' Local File Disclosure Vulnerability
Evaria ECMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may a...
Evaria ECMS Detection
This host is running Evaria ECMS, a content management system. OpenVAS Vulnerability Test $Id: gbecmsdetect.nasl 5723 2017-03-24 15:46:34Z cfi $ Evaria ECMS Detection Authors: Michael Meyer Copyright: Copyright (c) 2010 Greenbone Networks GmbH This program is free software; you can redistribute it...
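Empire ECMS (帝国ECMS) V5 /e/member/list/index.php Injection Vulnerability
The Empire ECMS file /e/member/list/index.php: if$sear $keyboard=RepPostVar2$GET'keyboard'; if$keyboard $add.=$where.$userusername." like '%$keyboard%'"; $search.="&sear=1&keyboard=$keyboard"; The code checks whether the sear parameter is present, then takes the keyboard parameter directly, then checks whether the keyboard value is empty; if it is not empty, keyboard is placed directly into the query, which produces the injection vulnerability. Empire ECMS V5: none yet...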