4 matches found
CVE-2020-21356
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads...
CVE-2020-21357
A stored cross site scripting XSS vulnerability in /admin.php?mod=user=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...
CVE-2020-21357
A stored cross site scripting XSS vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...
CVE-2020-21357
PopojiCMS 1.2 is affected by a stored XSS in /admin.php?mod=user&act=addnew, exploitable via a crafted payload in the E-Mail field. The vulnerability stems from an input that is stored and later rendered, enabling arbitrary web scripts or HTML execution. Exploitation details are not provided in t...