Lucene search
K

12 matches found

CVE
CVE
added 2020/03/14 7:30 p.m.124 views

CVE-2020-10578

CVE-2020-10578 affects QCMS v3.0.1 with an arbitrary file read vulnerability in the file path system/controller/backend/template.php. Multiple connected sources (NVD, Red Hat, CNVD, CNVD CNVD-2020-19603, etc.) corroborate that an attacker can read files, leading to information disclosure. The des...

7.5CVSS7.4AI score0.01152EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.56 views

CVE-2018-14977

CVE-2018-14977 affects QCMS 3.0.1. The vulnerability is a cross-site scripting (XSS) flaw in upload/System/Controller/guest.php, exploitable via the name parameter, as described in the CVE entry and corroborated by related CNVD/RedHat references. The issue is distinct from CVE-2018-8070 (XSS via ...

6.1CVSS5.6AI score0.00675EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.53 views

CVE-2018-14972

CVE-2018-14972 affects QCMS 3.0.1, with a cross-site scripting vulnerability in upload/System/Controller/backend/down.php. The issue is described across multiple records (NVD/CNVD/CVE entries) as an XSS in that file path; no specific exploit details, affected versions, or remediation are provided...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.51 views

CVE-2018-14970

CVE-2018-14970 affects QCMS 3.0.1, with a cross-site scripting (XSS) flaw in upload/System/Controller/backend/slideshow.php. The connected sources (CNVD, NVD, CVE listings) confirm the vulnerable component/file and the underlying issue is XSS, but do not provide exploit details, affected versions...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.51 views

CVE-2018-14973

Summary: CVE-2018-14973 affects QCMS 3.0.1, with a cross-site scripting (XSS) vulnerability in the file path upload/System/Controller/backend/product.php. The connected documents corroborate an XSS issue in this component/version. No explicit exploitation details, affected subcomponents beyond th...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.51 views

CVE-2018-14976

CVE-2018-14976 affects QCMS 3.0.1. The vulnerability is a cross-site scripting flaw in upload/System/Controller/backend/category.php. The connected documents identify XSS in this file/version but do not provide details on exploit scenarios, impact scope beyond the generic XSS description, or any ...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.50 views

CVE-2018-14971

Affected software: QCMS 3.0.1. Vulnerability: Cross-site scripting (XSS) in upload/System/Controller/backend/user.php. Root cause/impact: The issue is a content/script injection vulnerability within the specified PHP file. Documents do not provide further detail on the underlying cause beyond the...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.49 views

CVE-2018-14969

QCMS 3.0.1 is affected by CVE-2018-14969. The vulnerability is a cross-site scripting flaw in upload/System/Controller/backend/system.php, described in CNVD-2019-10276 as exploitable by remote attackers to inject arbitrary web script or HTML. No specific exploit details or patch information are p...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.48 views

CVE-2018-14974

CVE-2018-14974 affects QCMS 3.0.1, with a cross-site scripting (XSS) flaw in upload/System/Controller/backend/news.php. CNVD describes remote exploitation to inject arbitrary script/HTML; CVSS3 base score 4.8 (MEDIUM). No remediation details provided in the supplied documents.

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.48 views

CVE-2018-14975

Summary: QCMS 3.0.1 has a Cross-Site Scripting (XSS) vulnerability in upload/System/Controller/backend/album.php. Concretely : CNVD-2019-10280 describes an XSS in that file affecting QCMS 3.0.1, exploitable by remote attackers to inject arbitrary web script or HTML. This is consistent with CVE-20...

4.8CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2018/08/06 3:0 p.m.45 views

CVE-2018-14978

QCMS 3.0.1 contains a CSRF vulnerability via the backend/user/admin/add.html URI (CVE-2018-14978). The CNVD entry CNVD-2019-10282 documents this issue in QCMS 3.0.1, describing a cross-site forgery that enables unauthorized operations through that endpoint. The CVE entry notes the vulnerability a...

8.8CVSS8.6AI score0.00494EPSS
CVE
CVE
added 2025/08/06 12:0 a.m.19 views

CVE-2025-50233

QCMS 6.0.5 contains a vulnerability in the backend template editor where insufficient validation of the Name parameter enables authenticated users to perform directory traversal and read arbitrary server files outside the intended template directory (e.g., system configuration or PHP source). Imp...

6.5CVSS6.4AI score0.00472EPSS