3 matches found
CVE-2020-17999
Cross Site Scripting XSS in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php"...
CVE-2019-13340
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...
MiniCMS 路径遍历漏洞
MiniCMS is a micro content management system designed for personal websites. A directory traversal vulnerability exists in pageedit.php in MiniCMS V1.10. A remote attacker can exploit this vulnerability to read arbitrary files via the state parameter...