CVE-2026-5248

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

CVE-2026-5249 gougucms Record Endpoint record.html cross site scripting

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...

CVE-2026-5249

Gougucms 4.08.18 is affected by a cross-site scripting (XSS) flaw in the Record Endpoint, specifically in the file gougucms-master/app/admin/view/user/record.html. The vulnerability arises when an attacker manipulates the value.content argument, enabling remote exploitation. Public exploit exists...

CVE-2026-5249

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...

gougucms（勾股CMS） 代码注入漏洞

Gougucms is an open-source backend management framework developed by Gougu in China, based on ThinkPHP6, Layui, and MySql. Version 4.08.18 of Gougucms contains a code injection vulnerability. This vulnerability stems from incorrect handling of a parameter named "value.content" in the file...

CVE-2023-46394

A stored cross-site scripting XSS vulnerability in /home/user/editsubmit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter...

gougucms 跨站脚本漏洞

gougucms is a Chinese hook open source open source set based on ThinkPHP6 + Layui + MySql to build a lightweight general-purpose back-office management framework. gougucms v4.08.18 version of the existence of cross-site scripting vulnerability , the vulnerability stems from the application of the...

PT-2023-29999 · Gougucms · Gougucms

Name of the Vulnerable Software and Affected Versions: gougucms version 4.08.18 Description: The issue allows attackers to arbitrarily reset users' passwords via a crafted packet, exploiting a password reset poisoning vulnerability. Recommendations: For gougucms version 4.08.18, update to a versi...

CVE-2023-46394

A stored cross-site scripting XSS vulnerability in /home/user/editsubmit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter...