Lucene search
+L

15 matches found

CVE
CVE
added 2023/10/28 12:0 a.m.86 views

CVE-2023-46467

CVE-2023-46467 affects juzawebCMS versions 3.4 and earlier. The vulnerability is a Cross-Site Scripting flaw that allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter on the registration page. Root cause details are not explicitly provided beyond the ...

5.4CVSS5.7AI score0.00504EPSS
CVE
CVE
added 2025/06/02 12:31 a.m.63 views

CVE-2025-5421

CVE-2025-5421 affects juzaweb CMS up to version 3.4.2, targeting the Plugin Editor Page component at the file path /admin-cp/plugin/editor. The issue is described as improper access controls on a functionality whose exact behavior is not fully disclosed in the provided documents. The vulnerabilit...

6.5CVSS6.4AI score0.0035EPSS
CVE
CVE
added 2025/06/02 12:0 a.m.62 views

CVE-2025-5420

CVE-2025-5420 affects juzaweb CMS up to version 3.4.2. The vulnerability is an XSS in the Upload parameter of /admin-cp/file-manager/upload on the Profile Page due to improper input handling. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the is...

5.4CVSS6.1AI score0.00278EPSS
Web
CVE
CVE
added 2025/06/02 1:0 a.m.56 views

CVE-2025-5422

Juzaweb CMS (

5.3CVSS4.6AI score0.00384EPSS
CVE
CVE
added 2025/06/02 1:31 a.m.55 views

CVE-2025-5423

Juzaweb CMS up to version 3.4.2 has a vulnerability in the General Setting Page at /admin-cp/setting/system/general. The issue is improper access controls, enabling remote exploitation and is publicly disclosed. Vendor did not respond. As a temporary mitigation, PT-2025-23446 recommends restricti...

6.5CVSS6.5AI score0.0035EPSS
CVE
CVE
added 2025/06/02 3:0 a.m.55 views

CVE-2025-5426

Juzaweb CMS up to version 3.4.2 contains a vulnerability in the Menu Page component, specifically an issue with improper access controls on the file /admin-cp/menus. The documented impact is remote exploitation with an attacker able to manipulate access controls, enabling unauthorized actions. Mu...

6.5CVSS6.8AI score0.0035EPSS
CVE
CVE
added 2025/06/02 4:31 a.m.54 views

CVE-2025-5429

Juzaweb CMS (versions up to 3.4.2) contains a vulnerability in the Plugins Page, specifically the /admin-cp/plugin/install endpoint. The issue is described as improper access controls that can be triggered remotely, enabling unauthorized access. Multiple connected sources corroborate the vulnerab...

6.5CVSS6.5AI score0.0035EPSS
CVE
CVE
added 2025/06/02 2:0 a.m.53 views

CVE-2025-5424

Juzaweb CMS

6.5CVSS6.4AI score0.00414EPSS
CVE
CVE
added 2025/06/02 2:31 a.m.53 views

CVE-2025-5425

CVE-2025-5425 affects juzaweb CMS up to 3.4.2. The vulnerability targets the Theme Editor Page component (file /admin-cp/theme/editor/default) and is due to improper access controls in that function, enabling a remote attack. An exploit has been publicly disclosed. The connected documents do not ...

6.5CVSS6.8AI score0.00365EPSS
CVE
CVE
added 2025/06/02 3:31 a.m.53 views

CVE-2025-5427

Juzaweb CMS contains a vulnerability in the Permalinks Page (file /admin-cp/permalinks) up to version 3.4.2. Root cause: improper access controls on that functionality. Impact: potential unauthorized access, with network-based remote exploitation. Exploit has been disclosed publicly. As of provid...

6.5CVSS6.4AI score0.0035EPSS
CVE
CVE
added 2025/06/02 4:0 a.m.52 views

CVE-2025-5428

CVE-2025-5428 affects juzaweb CMS up to 3.4.2. The issue is in the /admin-cp/log-viewer portion of the Error Logs Page, where improper access controls allow remote exploitation. Multiple sources (NVD, Red Hat, PT Security, CNNVD, OSV, etc.) confirm a critical, network-exploitable flaw with LOW co...

6.5CVSS7AI score0.0035EPSS
CVE
CVE
added 2024/01/09 12:0 a.m.47 views

CVE-2023-46906

CVE-2023-46906 affects juzaweb CMS (

4.9CVSS5AI score0.00694EPSS
CVE
CVE
added 2024/08/06 12:31 p.m.37 views

CVE-2024-7551

CVE-2024-7551 affects Juzaweb CMS up to version 3.4.2. The flaw resides in an unknown function in the file /admin-cp/theme/editor/default of the Theme Editor, enabling path traversal. The issue can be triggered remotely and has had an exploit disclosed publicly. Details across connected records c...

5.1CVSS3.7AI score0.00881EPSS
CVE
CVE
added 2025/06/26 11:31 p.m.26 views

CVE-2025-6736

CVE-2025-6736 affects Juzaweb CMS 3.4.2. The issue lies in the /admin-cp/theme/install endpoint of the Add New Themes Page, enabling improper authorization via a remote attack. The exploit has been publicly disclosed, and a PoC exists. Public vendor response is not documented here. CVSS details i...

8.8CVSS6.5AI score0.00415EPSS
CVE
CVE
added 2025/06/26 11:31 p.m.25 views

CVE-2025-6735

JuzaWeb CMS 3.4.2 contains a vulnerability in the Import Page component (unknown function under /admin-cp/imports) that allows improper authorization. The issue can be exploited remotely and public PoC/exploit details exist. Vendor did not respond to disclosure. Reported data indicate various CVS...

8.8CVSS6.5AI score0.00415EPSS