Lucene search
+L

191 matches found

Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.9 views

PT-2025-17375 · Wcms · Wcms

Name of the Vulnerable Software and Affected Versions: WCMS version 11 Description: A critical vulnerability was found in WCMS 11, affecting an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the email/username argument leads to SQL injection. It is...

9.8CVSS7.5AI score0.00455EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2025/04/02 6:33 a.m.26 views

CVE-2025-2979

A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...

4.8CVSS6.3AI score0.00337EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/02 5:34 a.m.12 views

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?=container=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The...

6.5CVSS7AI score0.00492EPSS
Exploits1References1
NVD
NVD
added 2025/03/31 6:15 a.m.29 views

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

9.8CVSS0.00492EPSS
Exploits1References4
OSV
OSV
added 2025/03/31 6:15 a.m.4 views

CVE-2025-2979

A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...

5.4CVSS3.8AI score0.00337EPSS
Exploits1References4
NVD
NVD
added 2025/03/31 6:15 a.m.14 views

CVE-2025-2979

A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...

5.4CVSS0.00337EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/31 6:0 a.m.14 views

CVE-2025-2979 WCMS Registration setregister cross site scripting

A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...

4.8CVSS3.4AI score0.00337EPSS
Exploits1References4
CVE
CVE
added 2025/03/31 6:0 a.m.56 views

CVE-2025-2979

WCMS 11 contains a cross-site scripting vulnerability in the Registration component, specifically via manipulating the Username parameter in /index.php?anonymous/setregister. The issue allows remote attackers to induce XSS, with exploitation disclosed publicly and no vendor response noted in the ...

5.4CVSS3.3AI score0.00337EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/03/31 6:0 a.m.22 views

CVE-2025-2979 WCMS Registration setregister cross site scripting

A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...

4.8CVSS0.00337EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/31 5:31 a.m.15 views

CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

6.5CVSS6.4AI score0.00492EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/31 5:31 a.m.23 views

CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

6.5CVSS0.00492EPSS
Exploits1References4
CVE
CVE
added 2025/03/31 5:31 a.m.68 views

CVE-2025-2978

CVE-2025-2978 affects WCMS 11; the Article Publishing Page contains a vulnerability in the Upload parameter that allows unrestricted uploads via /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1. Exploitation is remote and the exploit has been disclosed publicly; vendor did no...

9.8CVSS6.9AI score0.00492EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/09/15 10:15 p.m.20 views

CVE-2024-8875

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

9.1CVSS0.00853EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/09/15 9:31 p.m.10 views

CVE-2024-8875 vedees wcms finder.php path traversal

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

5.5CVSS5.6AI score0.00853EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/09/15 9:31 p.m.37 views

CVE-2024-8875 vedees wcms finder.php path traversal

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

5.5CVSS0.00853EPSS
Exploits1References4
CVE
CVE
added 2024/09/15 9:31 p.m.56 views

CVE-2024-8875

CVE-2024-8875 affects vedees wcms up to version 0.3.2. The vulnerability resides in the /wex/finder.php file, where manipulating the p argument causes path traversal. It is a remoteable issue with public exploitation information; vendors reportedly did not respond. Connected documents corroborate...

9.1CVSS6AI score0.00853EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/09/15 9:31 p.m.17 views

CVE-2024-8875 vedees wcms finder.php path traversal

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

5.3CVSS5.7AI score0.00853EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/09/14 12:0 a.m.6 views

PT-2024-39293 · Unknown · Vedees Wcms

Name of the Vulnerable Software and Affected Versions: vedees wcms versions up to 0.3.2 Description: A critical vulnerability was found in vedees wcms, affecting an unknown functionality of the file /wex/finder.php. The manipulation of the p argument leads to path traversal. The attack can be...

9.1CVSS5.9AI score0.00853EPSS
Exploits1References13
NVD
NVD
added 2023/06/27 8:15 p.m.24 views

CVE-2020-19902

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...

9.8CVSS9.6AI score0.01935EPSS
Exploits1References1
OSV
OSV
added 2023/06/27 8:15 p.m.10 views

CVE-2020-19902

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...

9.8CVSS8.1AI score
Exploits0References1
Rows per page
Query Builder