Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.
9.8CVSS
9.4AI Score
0.006EPSS
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'.
6.1CVSS
6.2AI Score
0.001EPSS
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
9.8CVSS
9.4AI Score
0.005EPSS
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
7.5CVSS
7.3AI Score
0.019EPSS
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.
7.5CVSS
6.5AI Score
0.001EPSS