109 matches found
CVE-2020-23373
CVE-2020-23373 affects NoneCMS v1.3.0, with an XSS in admin/nav/add.html. The underlying issue is that the name parameter can trigger injection of arbitrary script/HTML by remote authenticated attackers. Public details across CNVD/NVD OSV entries consistently describe the same vector and impact; ...
CVE-2020-23374
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2020-23374
CVE-2020-23374 concerns a Cross-site scripting (XSS) vulnerability in noneCMS. The connected sources describe an XSS in the admin/article/add.html endpoint for NoneCMS v1.3.0, where an attacker can inject arbitrary web script or HTML via the name parameter. The vulnerability is authenticated and ...
CVE-2020-23376
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack...
CVE-2020-23376
NoneCMS v1.3 is affected by a CSRF vulnerability in the endpoint public/index.php/admin/nav/add.html. The issue allows an attacker to inject arbitrary web script or HTML via the name parameter, enabling a potential stored XSS attack. The vulnerability is documented across multiple sources (e.g., ...
PT-2021-10895 · Nonecms · Nonecms
Name of the Vulnerable Software and Affected Versions: NoneCMS version 1.3. Description: The issue concerns a CSRF vulnerability in the public/index.php/admin/nav/add.html endpoint, where an attacker can inject arbitrary web script or HTML via the name parameter to launch a stored XSS attack...
NoneCms Cross-Site Scripting Vulnerability
NoneCms is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile. A cross-site scripting vulnerability exists in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in NoneCms version 1.3.0. The...
NoneCMS Cross-Site Request Forgery Vulnerability
NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile. A cross-site request forgery vulnerability exists in public/index.php/admin/nav/add.html in NoneCMS version 1.3. An attacker can use this...
NoneCMS Cross-Site Scripting Vulnerability
NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile. A cross-site scripting vulnerability exists in admin/nav/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inject...
NoneCMS Cross-Site Scripting Vulnerability
NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile. A cross-site scripting vulnerability exists in admin/article/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inje...
NoneCMS ThinkPHP Framework Remote Code Execution
A remote code execution vulnerability exists in NoneCMS ThinkPHP Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
XSS Vulnerability in Nonecms 1.2.0
NoneCms is an open source content management system. An XSS vulnerability exists in Nonecms 1.2.0, which can be exploited by attackers to obtain an administrator cookie...
Arbitrary File Deletion Vulnerability in NoneCms Ma***.php File
NoneCms is an open source content management system (CMS) for building corporate websites and personal blogs, with mobile support. The NoneCms Ma.php file contains an arbitrary file deletion vulnerability. Attackers can exploit the vulnerability to delete arbitrary files...
Stored Cross-Site Scripting Vulnerability in NoneCms
NoneCms is an open source content management system (CMS) for building corporate websites and personal blogs, with mobile support. A stored cross-site scripting vulnerability exists in NoneCms. Attackers can use the vulnerability to obtain administrator cookies...
CVE-2019-16721
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...
Design/Logic Flaw
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...
CVE-2019-16721
CVE-2019-16721 affects NoneCMS v1.3 and is a cross-site request forgery in the public/index.php/admin/admin/dele.html endpoint, demonstrated by deletion of the admin user. The issue arises from CSRF on the admin delete action, allowing an attacker‑crafted request to trigger admin-user deletion un...
NoneCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-35786)
NoneCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in the public/index.php/admin/admin/dele.html page in NoneCMS v1.3, which can be exploited by an attacker to send an unintended request to the server via an affected client...
NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)
A remote code execution vulnerability exists in NoneCMS ThinkPHP framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...