Minicms Security Vulnerabilities and Issues — Minicms CVE List

Lucene search

1234nMinicms

5 matches found

CVE•added 2019/07/05 3:16 p.m.•294 views

CVE-2019-13339

In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie.

4.8CVSS4.7AI score0.00219EPSS

CVE•added 2019/07/05 3:16 p.m.•289 views

CVE-2019-13341

In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.

4.8CVSS4.7AI score0.00219EPSS

CVE•added 2019/07/05 3:16 p.m.•277 views

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.

4.8CVSS5.1AI score0.0024EPSS

CVE•added 2018/04/26 5:29 a.m.•48 views

CVE-2018-10423

mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.

4CVSS4AI score0.0018EPSS

CVE•added 2018/04/26 5:29 a.m.•41 views

CVE-2018-10424

mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.

4CVSS3.9AI score0.00228EPSS