Lucene search
+L

10 matches found

cve
cve
added 2017/07/13 1:0 a.m.62 views

CVE-2017-11198

CVE-2017-11198 is an XSS vulnerability in FineCMS, affecting the file /application/lib/ajax/get_image.php. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the folder, id, or name parameters in FineCMS releases up to 2017-07-12. Impact is described as cross...

6.1CVSS6AI score0.00785EPSS
Web
cve
cve
added 2017/07/07 11:0 a.m.56 views

CVE-2017-10968

CVE-2017-10968 affects FineCMS versions up to 2017-07-07. The issue occurs in application/core/controller/template.php , where an attacker can achieve remote PHP code execution by placing code after the opening tag "

9.8CVSS9.6AI score0.02173EPSS
cve
cve
added 2017/07/12 12:0 a.m.55 views

CVE-2017-11179

CVE-2017-11179 affects FineCMS up to 2017-07-11. The vulnerability is a stored XSS in two routes: route=admin (modifying user information) and route=register (registering a user account). The documents do not provide root-cause specifics beyond the XSS description, nor do they include remediation...

6.1CVSS5.9AI score0.00632EPSS
cve
cve
added 2017/05/28 8:0 p.m.55 views

CVE-2017-9252

Vulnerability context: CVE-2017-9252 affects FineCMS up to 2017-05-28. It is a reflected Cross-Site Scripting (XSS) in the search page, exploitable via the text-search parameter to index.php with route=search. What’s affected: FineCMS’s search functionality (versions prior to or including 2017-05...

6.1CVSS5.9AI score0.00632EPSS
Web
cve
cve
added 2017/07/13 1:0 a.m.54 views

CVE-2017-11201

The CVE-2017-11201 entry affects FineCMS, specifically the application/core/controller/images.php logic. The vulnerability allows XSS by uploading an image via route=images, exploited by remote authenticated admins. Affected versions are FineCMS up to 2017-07-12. The root cause is improper handli...

5.4CVSS5AI score0.00614EPSS
cve
cve
added 2017/07/12 12:0 a.m.50 views

CVE-2017-11180

CVE-2017-11180 affects FineCMS up to 2017-07-11; the issue is a stored XSS in the logging functionality. The payloads demonstrated involve (1) the User-Agent header of HTTP requests and (2) the username entered on the login screen. The root cause is that log processing allows XSS content to be st...

6.1CVSS5.9AI score0.00632EPSS
cve
cve
added 2017/05/28 8:0 p.m.48 views

CVE-2017-9251

FineCMS prior to 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter of admin.php. The vulnerability is confirmed across multiple sources; the root cause is unsanitized input reflected in the sitename field. Impact is XSS (arbitrary script/HTML execution) in affected pages. Expl...

6.1CVSS5.9AI score0.00632EPSS
Web
cve
cve
added 2017/07/13 1:0 a.m.47 views

CVE-2017-11200

CVE-2017-11200 is a SQL injection vulnerability in FineCMS, present through 2017-07-12, exploitable via the visitor_ip parameter in application/core/controller/excludes.php. Public records (NVD and related CVE lists) indicate a high-severity impact (CVSS-3 base score 8.8) with network access, low...

8.8CVSS9.1AI score0.00997EPSS
Web
cve
cve
added 2017/07/13 1:0 a.m.47 views

CVE-2017-11202

CVE-2017-11202 refers to a FineCMS vulnerability up to 2017-07-12 where XSS is possible in visitors.php because JavaScript in visited URLs is not restricted during logging or when reading logs. This is described as a different vulnerability from CVE-2017-11180. Connected sources confirm broader X...

6.1CVSS6AI score0.00669EPSS
cve
cve
added 2017/07/06 4:0 p.m.42 views

CVE-2017-10967

Affected software: FineCMS (before 2017-07-06). Vulnerable component: application/core/controller/config.php. Vulnerability type: Cross-site scripting (XSS). Affected parameters: key_name, key_value, and meaning. Root cause / details: The available descriptions indicate that FineCMS allows XSS vi...

6.1CVSS6AI score0.00774EPSS