Lucene search
K
Pb-cms ProjectPb-cms

11 matches found

CVE
CVE
added 2024/01/22 12:31 a.m.135 views

CVE-2024-0776

CVE-2024-0776 affects LinZhaoguan pb-cms 2.0, specifically the Comment Handler component. A cross-site scripting vulnerability is triggered by manipulating input, e.g. , with remote exploitation reportedly possible and the exploit disclosed publicly. Multiple connected sources corroborate the iss...

5.4CVSS5.2AI score0.00565EPSS
CVE
CVE
added 2025/04/07 9:31 p.m.56 views

CVE-2025-3385

The CVE-2025-3385 affects LinZhaoguan pb-cms 2.0, specifically the Classification Management Page. The issue arises from manipulating the Classification name argument, enabling cross-site scripting. Exploitation is remote and publicly disclosed. Some sources mention no explicit patch version; a t...

4.8CVSS6.4AI score0.00323EPSS
CVE
CVE
added 2025/04/07 10:0 p.m.55 views

CVE-2025-3386

CVE-2025-3386 affects LinZhaoguan pb-cms 2.0, specifically the Friendship Link Handler’s /admin#links function. The vulnerability is a cross-site scripting issue described as potentially exploitable remotely, with the exploit disclosed publicly. Multiple sources corroborate the issue, including R...

4.8CVSS6.4AI score0.00323EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.52 views

CVE-2022-4354

CVE-2022-4354 affects LinZhaoguan pb-cms 2.0, specifically the /blog/comment function of the Message Board. A cross-site scripting vulnerability is present due to an issue in an unknown functionality, allowing remote exploitation. The vulnerability has been publicly disclosed (VDB-215114). NVD in...

9.6CVSS6.5AI score0.00536EPSS
CVE
CVE
added 2025/01/09 12:0 a.m.51 views

CVE-2024-51229

CVE-2024-51229 : A cross-site scripting (XSS) flaw in LinZhaoguan pb-cms version 2.0 is exposed via the theme management function, allowing a remote attacker to execute arbitrary code. Multiple sources (NVD, Red Hat advisory, CNVD/CNNVD, CVE listings) corroborate the impact as remote, with high s...

8.8CVSS7.5AI score0.00825EPSS
CVE
CVE
added 2025/03/06 9:31 p.m.51 views

CVE-2025-2043

LinZhaoguan pb-cms 1.0.0 contains a deserialization flaw in the Add New Topic Handler when processing Topic Key in /admin#themes. This remote-native exploit may be used to trigger deserialization and is described as critical in CVE-2025-2043. Multiple sources corroborate the issue and its public ...

7.2CVSS7.2AI score0.00457EPSS
CVE
CVE
added 2024/10/29 1:0 a.m.50 views

CVE-2024-10479

CVE-2024-10479 affects LinZhaoguan pb-cms up to version 2.0.1, specifically a vulnerability in the Theme Management Module’s file /admin#themes that enables cross-site scripting. The flaw can be exploited remotely and the exploit has been disclosed publicly. Affected function/details are not full...

5.4CVSS3.4AI score0.0028EPSS
CVE
CVE
added 2024/10/29 12:31 a.m.49 views

CVE-2024-10478

CVE-2024-10478 affects LinZhaoguan pb-cms up to version 2.0.1. The issue resides in the Edit Article Handler, specifically in processing the file path /admin#article/edit?id=2, enabling cross-site scripting. Exploitation is possible remotely and has been publicly disclosed. Connected sources prov...

5.4CVSS3.4AI score0.0028EPSS
Web
CVE
CVE
added 2022/12/08 12:0 a.m.46 views

CVE-2022-4353

CVE-2022-4353 affects LinZhaoguan pb-cms 2.0, specifically the IpUtil.getIpAddr function. The vulnerability allows cross-site scripting and can be exploited remotely, with exploitation publicly disclosed (VDB-215113). Several connected sources corroborate XSS via IpUtil.getIpAddr and remote attac...

5.4CVSS4.4AI score0.00356EPSS
CVE
CVE
added 2024/10/29 12:31 a.m.46 views

CVE-2024-10477

CVE-2024-10477 affects LinZhaoguan pb-cms up to version 2.0.1. The vulnerability resides in the Permission Management Page component, specifically the file referenced as /admin#permissions, and leads to cross-site scripting. The issue can be triggered remotely and, according to multiple sources, ...

5.4CVSS3.5AI score0.0028EPSS
CVE
CVE
added 2025/02/27 5:31 p.m.44 views

CVE-2025-1745

CVE-2025-1745 affects LinZhaoguan pb-cms 2.0, specifically the Logout component. The issue enables cross-site request forgery and can be exploited remotely; the exploit has been disclosed publicly. Concrete details across connected sources consistently identify the affected product/version and th...

5.3CVSS4.8AI score0.0026EPSS