
109 matches found

CVE
added 2021/05/10 10:13 p.m. · 69 views

CVE-2020-23373

CVE-2020-23373 affects NoneCMS v1.3.0, with an XSS in admin/nav/add.html. The underlying issue is that the name parameter can trigger injection of arbitrary script/HTML by remote authenticated attackers. Public details across CNVD/NVD OSV entries consistently describe the same vector and impact; ...

CVSS 5.4 · AI score 5 · EPSS 0.00791
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/05/10 10:13 p.m. · 22 views

CVE-2020-23374

Cross-site scripting XSS vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter...

AI score 5.2 · EPSS 0.00791
Exploits: 1 · References: 1
CVE
added 2021/05/10 10:13 p.m. · 58 views

CVE-2020-23374

CVE-2020-23374 concerns a Cross-site scripting (XSS) vulnerability in noneCMS. The connected sources describe an XSS in the admin/article/add.html endpoint for NoneCMS v1.3.0, where an attacker can inject arbitrary web script or HTML via the name parameter. The vulnerability is authenticated and ...

CVSS 5.4 · AI score 5 · EPSS 0.00791
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/05/10 10:12 p.m. · 21 views

CVE-2020-23376

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack...

AI score 6 · EPSS 0.00358
Exploits: 1 · References: 2
CVE
added 2021/05/10 10:12 p.m. · 75 views

CVE-2020-23376

NoneCMS v1.3 is affected by a CSRF vulnerability in the endpoint public/index.php/admin/nav/add.html. The issue allows an attacker to inject arbitrary web script or HTML via the name parameter, enabling a potential stored XSS attack. The vulnerability is documented across multiple sources (e.g., ...

CVSS 6.1 · AI score 5.8 · EPSS 0.00358
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2021/05/10 12:0 a.m. · 5 views

PT-2021-10895 · Nonecms · Nonecms

Name of the Vulnerable Software and Affected Versions: NoneCMS version 1.3

Description: The issue concerns a CSRF vulnerability in the public/index.php/admin/nav/add.html endpoint, where an attacker can inject arbitrary web script or HTML via the name parameter to launch a stored XSS attack...

CVSS 6.1 · AI score 5.8 · EPSS 0.00358
Exploits: 1 · References: 4
CNNVD
added 2021/05/10 12:0 a.m. · 6 views

NoneCms Cross-Site Scripting Vulnerability

NoneCms is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile devices. A cross-site scripting vulnerability exists in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in NoneCms version 1.3.0. The...

CVSS 6.1 · AI score 5.4 · EPSS 0.00937
Exploits: 1 · References: 1
CNNVD
added 2021/05/10 12:0 a.m. · 7 views

NoneCMS Cross-Site Request Forgery Vulnerability

NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile devices. A cross-site request forgery vulnerability exists in public/index.php/admin/nav/add.html in NoneCMS version 1.3. An attacker can use this...

CVSS 6.1 · AI score 5.5 · EPSS 0.00358
Exploits: 1 · References: 2
CNNVD
added 2021/05/10 12:0 a.m. · 22 views

NoneCMS Cross-Site Scripting Vulnerability

NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile devices. A cross-site scripting vulnerability exists in admin/nav/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inject...

CVSS 5.4 · AI score 5.4 · EPSS 0.00791
Exploits: 1 · References: 1
CNNVD
added 2021/05/10 12:0 a.m. · 5 views

NoneCMS Cross-Site Scripting Vulnerability

NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and supports mobile devices. A cross-site scripting vulnerability exists in admin/article/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inje...

CVSS 5.4 · AI score 5.4 · EPSS 0.00791
Exploits: 1 · References: 1
Check Point Advisories
added 2021/01/17 12:0 a.m. · 0 views

NoneCMS ThinkPHP Framework Remote Code Execution

A remote code execution vulnerability exists in NoneCMS ThinkPHP Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 4.6
Exploits: 0
CNVD
added 2020/09/25 12:0 a.m. · 1 view

XSS Vulnerability in Nonecms 1.2.0

NoneCms is an open source content management system. An XSS vulnerability exists in Nonecms 1.2.0, which can be exploited by attackers to obtain an administrator cookie...

AI score 6.3
Exploits: 0
CNVD
added 2020/06/20 12:0 a.m. · 1 view

Arbitrary File Deletion Vulnerability in NoneCms Ma***.php File

NoneCms is an open source CMS Content Management System for building corporate websites, personal blogs and supporting mobile. The NoneCms Ma.php file contains an arbitrary file deletion vulnerability. Attackers can exploit the vulnerability to delete arbitrary files...

AI score 7.1
Exploits: 0
CNVD
added 2020/06/20 12:0 a.m. · 1 view

Stored Cross-Site Scripting Vulnerability in NoneCms

NoneCms is an open source CMS Content Management System for building corporate websites, personal blogs and supporting mobile. A stored cross-site scripting vulnerability exists in NoneCms. Attackers can use the vulnerability to obtain administrator cookies...

AI score 6.2
Exploits: 0
NVD
added 2019/09/23 2:15 p.m. · 17 views

CVE-2019-16721

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...

CVSS 6.5 · AI score 6.5 · EPSS 0.00534
Exploits: 1 · References: 1
OSV
added 2019/09/23 2:15 p.m. · 16 views

CVE-2019-16721

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 1
Prion
added 2019/09/23 2:15 p.m. · 15 views

Design/Logic Flaw

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...

CVSS 5.8 · AI score 6.5 · EPSS 0.00534
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2019/09/23 1:35 p.m. · 51 views

CVE-2019-16721

CVE-2019-16721 affects NoneCMS v1.3 and is a cross-site request forgery in the public/index.php/admin/admin/dele.html endpoint, demonstrated by deletion of the admin user. The issue arises from CSRF on the admin delete action, allowing an attacker‑crafted request to trigger admin-user deletion un...

CVSS 6.5 · AI score 6.5 · EPSS 0.00534
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2019/09/23 12:0 a.m. · 4 views

NoneCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-35786)

NoneCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in the public/index.php/admin/admin/dele.html page in NoneCMS v1.3, which can be exploited by an attacker to send an unintended request to the server via an affected client...

CVSS 6.5 · AI score 6.9 · EPSS 0.00534
Exploits: 1 · References: 1
Check Point Advisories
added 2019/07/01 12:0 a.m. · 15 views

NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)

A remote code execution vulnerability exists in NoneCMS ThinkPHP framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 · AI score 9.5 · EPSS 0.9953
Exploits: 4