Lucene search
Mipcms Security Vulnerabilities
cve
Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.
4.8CVSS
5.2AI Score
0.001EPSS
2023-05-08 02:15 PM
13
cve
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
8.8CVSS
8.8AI Score
0.001EPSS
2021-09-09 06:15 PM
34
cve
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
6.5CVSS
6.4AI Score
0.001EPSS
2021-09-09 06:15 PM
21
cve
A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information.
7.5CVSS
7.5AI Score
0.003EPSS
2021-07-08 04:15 PM
38
2