15 matches found
CVE-2023-46467
CVE-2023-46467 affects juzawebCMS versions 3.4 and earlier. The vulnerability is a Cross-Site Scripting flaw that allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter on the registration page. Root cause details are not explicitly provided beyond the ...
CVE-2025-5421
CVE-2025-5421 affects juzaweb CMS up to version 3.4.2, targeting the Plugin Editor Page component at the file path /admin-cp/plugin/editor. The issue is described as improper access controls on a functionality whose exact behavior is not fully disclosed in the provided documents. The vulnerabilit...
CVE-2025-5420
CVE-2025-5420 affects juzaweb CMS up to version 3.4.2. The vulnerability is an XSS in the Upload parameter of /admin-cp/file-manager/upload on the Profile Page due to improper input handling. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the is...
CVE-2025-5422
Juzaweb CMS (
CVE-2025-5423
Juzaweb CMS up to version 3.4.2 has a vulnerability in the General Setting Page at /admin-cp/setting/system/general. The issue is improper access controls, enabling remote exploitation and is publicly disclosed. Vendor did not respond. As a temporary mitigation, PT-2025-23446 recommends restricti...
CVE-2025-5426
Juzaweb CMS up to version 3.4.2 contains a vulnerability in the Menu Page component, specifically an issue with improper access controls on the file /admin-cp/menus. The documented impact is remote exploitation with an attacker able to manipulate access controls, enabling unauthorized actions. Mu...
CVE-2025-5429
Juzaweb CMS (versions up to 3.4.2) contains a vulnerability in the Plugins Page, specifically the /admin-cp/plugin/install endpoint. The issue is described as improper access controls that can be triggered remotely, enabling unauthorized access. Multiple connected sources corroborate the vulnerab...
CVE-2025-5424
Juzaweb CMS
CVE-2025-5425
CVE-2025-5425 affects juzaweb CMS up to 3.4.2. The vulnerability targets the Theme Editor Page component (file /admin-cp/theme/editor/default) and is due to improper access controls in that function, enabling a remote attack. An exploit has been publicly disclosed. The connected documents do not ...
CVE-2025-5427
Juzaweb CMS contains a vulnerability in the Permalinks Page (file /admin-cp/permalinks) up to version 3.4.2. Root cause: improper access controls on that functionality. Impact: potential unauthorized access, with network-based remote exploitation. Exploit has been disclosed publicly. As of provid...
CVE-2025-5428
CVE-2025-5428 affects juzaweb CMS up to 3.4.2. The issue is in the /admin-cp/log-viewer portion of the Error Logs Page, where improper access controls allow remote exploitation. Multiple sources (NVD, Red Hat, PT Security, CNNVD, OSV, etc.) confirm a critical, network-exploitable flaw with LOW co...
CVE-2023-46906
CVE-2023-46906 affects juzaweb CMS (
CVE-2024-7551
CVE-2024-7551 affects Juzaweb CMS up to version 3.4.2. The flaw resides in an unknown function in the file /admin-cp/theme/editor/default of the Theme Editor, enabling path traversal. The issue can be triggered remotely and has had an exploit disclosed publicly. Details across connected records c...
CVE-2025-6736
CVE-2025-6736 affects Juzaweb CMS 3.4.2. The issue lies in the /admin-cp/theme/install endpoint of the Add New Themes Page, enabling improper authorization via a remote attack. The exploit has been publicly disclosed, and a PoC exists. Public vendor response is not documented here. CVSS details i...
CVE-2025-6735
JuzaWeb CMS 3.4.2 contains a vulnerability in the Import Page component (unknown function under /admin-cp/imports) that allows improper authorization. The issue can be exploited remotely and public PoC/exploit details exist. Vendor did not respond to disclosure. Reported data indicate various CVS...