12 matches found
CVE-2023-49490
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component /admin.php...
EUVD-2024-21810
Malicious code in bioql PyPI...
EUVD-2022-35251
Malicious code in bioql PyPI...
CVE-2024-24389
A cross-site scripting XSS vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...
CVE-2024-24388
Cross-site scripting XSS vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login...
CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...
CVE-2025-2131 dayrui XunRuiCMS Friendly Links cross site scripting
A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. Th...
PT-2024-24170 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: Xunruicms versions 4.6.3 and before Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code via the Security.php file in the catalog XunRuiCMSdayruiFcmsLibrary. This enables the attacker to perform...
CVE-2023-49490
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component /admin.php...
CVE-2021-38243
xunruicms up to v4.5.1 was discovered to contain a remote code execution RCE vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request...
CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...
CVE-2022-36224
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery CSRF...