3 matches found
CVE-2020-23373
Cross-site scripting XSS vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2020-23373
CVE-2020-23373 affects NoneCMS v1.3.0, with an XSS in admin/nav/add.html. The underlying issue is that the name parameter can trigger injection of arbitrary script/HTML by remote authenticated attackers. Public details across CNVD/NVD OSV entries consistently describe the same vector and impact; ...
CVE-2020-23376
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack...