11 matches found
CVE-2024-0776
CVE-2024-0776 affects LinZhaoguan pb-cms 2.0, specifically the Comment Handler component. A cross-site scripting vulnerability is triggered by manipulating input, e.g. , with remote exploitation reportedly possible and the exploit disclosed publicly. Multiple connected sources corroborate the iss...
CVE-2025-3385
The CVE-2025-3385 affects LinZhaoguan pb-cms 2.0, specifically the Classification Management Page. The issue arises from manipulating the Classification name argument, enabling cross-site scripting. Exploitation is remote and publicly disclosed. Some sources mention no explicit patch version; a t...
CVE-2025-3386
CVE-2025-3386 affects LinZhaoguan pb-cms 2.0, specifically the Friendship Link Handler’s /admin#links function. The vulnerability is a cross-site scripting issue described as potentially exploitable remotely, with the exploit disclosed publicly. Multiple sources corroborate the issue, including R...
CVE-2022-4354
CVE-2022-4354 affects LinZhaoguan pb-cms 2.0, specifically the /blog/comment function of the Message Board. A cross-site scripting vulnerability is present due to an issue in an unknown functionality, allowing remote exploitation. The vulnerability has been publicly disclosed (VDB-215114). NVD in...
CVE-2024-51229
CVE-2024-51229 : A cross-site scripting (XSS) flaw in LinZhaoguan pb-cms version 2.0 is exposed via the theme management function, allowing a remote attacker to execute arbitrary code. Multiple sources (NVD, Red Hat advisory, CNVD/CNNVD, CVE listings) corroborate the impact as remote, with high s...
CVE-2025-2043
LinZhaoguan pb-cms 1.0.0 contains a deserialization flaw in the Add New Topic Handler when processing Topic Key in /admin#themes. This remote-native exploit may be used to trigger deserialization and is described as critical in CVE-2025-2043. Multiple sources corroborate the issue and its public ...
CVE-2024-10479
CVE-2024-10479 affects LinZhaoguan pb-cms up to version 2.0.1, specifically a vulnerability in the Theme Management Module’s file /admin#themes that enables cross-site scripting. The flaw can be exploited remotely and the exploit has been disclosed publicly. Affected function/details are not full...
CVE-2024-10478
CVE-2024-10478 affects LinZhaoguan pb-cms up to version 2.0.1. The issue resides in the Edit Article Handler, specifically in processing the file path /admin#article/edit?id=2, enabling cross-site scripting. Exploitation is possible remotely and has been publicly disclosed. Connected sources prov...
CVE-2022-4353
CVE-2022-4353 affects LinZhaoguan pb-cms 2.0, specifically the IpUtil.getIpAddr function. The vulnerability allows cross-site scripting and can be exploited remotely, with exploitation publicly disclosed (VDB-215113). Several connected sources corroborate XSS via IpUtil.getIpAddr and remote attac...
CVE-2024-10477
CVE-2024-10477 affects LinZhaoguan pb-cms up to version 2.0.1. The vulnerability resides in the Permission Management Page component, specifically the file referenced as /admin#permissions, and leads to cross-site scripting. The issue can be triggered remotely and, according to multiple sources, ...
CVE-2025-1745
CVE-2025-1745 affects LinZhaoguan pb-cms 2.0, specifically the Logout component. The issue enables cross-site request forgery and can be exploited remotely; the exploit has been disclosed publicly. Concrete details across connected sources consistently identify the affected product/version and th...