6 matches found

CVE
added 2021/05/10 11:15 p.m., 65 views

CVE-2020-23371

Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.

CVSS 6.1, AI score 6, EPSS 0.00186

CVE
added 2021/05/10 11:15 p.m., 65 views

CVE-2020-23376

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.

CVSS 6.1, AI score 5.8, EPSS 0.00143

CVE
added 2021/05/10 11:15 p.m., 56 views

CVE-2020-23373

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.

CVSS 5.4, AI score 5, EPSS 0.00129

CVE
added 2021/05/10 11:15 p.m., 48 views

CVE-2020-23374

Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.

CVSS 5.4, AI score 5, EPSS 0.00129

CVE
added 2021/06/22 3:15 p.m., 42 views

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

CVSS 7.5, AI score 7.1, EPSS 0.00232

CVE
added 2021/06/22 3:15 p.m., 38 views

CVE-2020-18647

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

CVSS 7.5, AI score 7.1, EPSS 0.00232