33 matches found
CVE-2025-60445
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...
CVE-2025-60445
CVE-2025-60445 affects XunRuiCMS 4.7.1. Root cause: insufficient validation of SVG uploads in dayrui/Fcms/Library/Upload.php, enabling stored XSS when the uploaded file is viewed. Impact: injected JavaScript code executes in the context of the uploaded SVG. Remediation: no patch/fix details provi...
XunRuiCMS Code Issue Vulnerability
XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code issue vulnerability exists in XunRuiCMS version 4.6.3, which originates from the importadd function in the file dayrui/Fcms/Control/Admin/Linkage.php that causes deserialization...
CVE-2012-0699
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php...
CVE-2012-0699
CVE-2012-0699 affects Family Connections CMS (FCMS) 2.9 and earlier. The vulnerability is cross-site request forgery (CSRF) that allows remote attackers to hijack a user’s authenticated session to perform actions: adding news via familynews.php and adding a prayer via prayers.php. Connected sourc...
fcms 2.2.3 - Remote File Inclusion Vulnerability
No description provided by source...
Dream Flash website management system FCMS v6.5 vulnerability - vulnerability warning - the black bar safety net
Author: roker xmlEditor/adminadd.asp !-- include file="Conn.ASP" - !-- include file="inc/md5.asp" - !-- include file="chkuser.asp" - % if request.cookies"key""super" then response.Write"script language=javascriptalert'you are not authorized to modify admin!'; this.history.go-1;/script"...
Dream Flash website management system FCMS v5.9 newest vulnerabilities 0day - vulnerability warning - the black bar safety net
Dream Flash website management system FCMS v5.9 the latest vulnerability 0day The database address: xmlEditor/database/@@@datas.mdb Background xmleditor/login.asp admin/admin Message database: guestbook/db/sywl.asp the cookie injected into the drain Vulnerability file: xml/text.asp...
CVE-2011-5130
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter...
CVE-2011-5130
CVE-2011-5130 affects Family Connections CMS (FCMS) versions 2.5.0–2.7.1. The issue lives in dev/less.php and arises when register_globals is on, allowing remote attackers to execute arbitrary commands via shell metacharacters in argv[1]. Root cause reported as insecure use of system(), enabling ...
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities FCMS2.7.2 cms and earlier multiple CSRF Vulnerability =================================================================================== Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...
FCMS 2.7.2 Cross Site Request Forgery
FCMS2.7.2 cms and earlier multiple CSRF Vulnerability =================================================================================== Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...
fCMS Cross Site Scripting
Exploit Title: fCMS Cross Site Scripting Google Dorks: "inurl://ecards.html?","inurl:/ecards.html?PUC=","inurl:/ecards.html?PICKID=" Date: 24.08.2011 Author: Sony Software Link: http://www.fidion.de/ Version: all version Proof of concept:...
CVE-2010-3419
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php...
CVE-2010-3419
Haudenschilt Family Connections CMS (FCMS) 2.2.3 is vulnerable to multiple PHP remote file inclusion (RFI) flaws. The issue allows an attacker to execute arbitrary PHP code by supplying a URL in the current_user_id parameter to two scripts (familynews.php and settings.php). This stems from insecu...
fcms 2.2.3 - Remote File Inclusion
fcms 2.2.3 - Remote File Inclusion x Exploit Title: FCMS2.2.3 Remote File Inclusion x Date: 10-9-2010 x Author: LoSt.HaCkEr aDaMTRoJaN x Software Link: http://www.familycms.com/getstarted.php x Version: v 2.2.3 xTested on: Windows XP x CVE : x My E-MaIl:LoSt.HaCkEratHaCkErdotPs xExploit:...