Otcms

7 matches found

added 2023/06/14 9:15 a.m., 38 views

CVE-2023-3240

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and ...

CVSS: 6.5 | AI score: 4.8 | EPSS: 0.00109
added 2023/03/25 7:15 p.m., 31 views

CVE-2023-1635

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assign...

CVSS: 6.1 | AI score: 4.8 | EPSS: 0.0007
added 2018/09/16 5:29 p.m., 29 views

CVE-2018-17086

An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName.

CVSS: 6.1 | AI score: 6 | EPSS: 0.0024
added 2019/10/09 11:15 a.m., 28 views

CVE-2019-17369

OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00117
added 2018/03/24 10:29 p.m., 27 views

CVE-2018-8973

OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.

CVSS: 6.1 | AI score: 6 | EPSS: 0.0024
added 2018/09/16 5:29 p.m., 26 views

CVE-2018-17085

An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr.

CVSS: 6.1 | AI score: 6 | EPSS: 0.0024
added 2019/07/19 7:15 a.m., 25 views

CVE-2019-13971

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0024