6 matches found
CVE-2023-27091
CVE-2023-27091 affects XiaoBingby TeaCMS (version 2.3.3). The connected records describe an unauthorized access issue that allows attackers to escalate privileges via the id and keywords parameters. The vulnerability is evidenced across multiple sources (NVD, Red Hat, PRion, CNNVD, PT-SEC) with t...
CVE-2023-27090
CVE-2023-27090 is a stored Cross-Site Scripting vulnerability in TeaCMS storage. The issue allows an attacker to exfiltrate sensitive data by manipulating the article title parameter. Documented impact in the sources is confidentiality leakage with a CVSSv3.1 base score of 5.4 (NETWORK, LOW explo...
CVE-2025-5033
CVE-2025-5033 affects XiaoBingby TeaCMS 2.0.2. The vulnerability is in an unknown functionality of src/main/java/me/teacms/controller/admin/UserManageController/addUser, leading to cross-site request forgery (CSRF). It can be triggered remotely and an exploit has been disclosed publicly. Multiple...
CVE-2023-1483
XiaoBingBy TeaCMS
CVE-2023-1398
CVE-2023-1398 affects XiaoBingBy TeaCMS 2.0. The vulnerability is a path traversal in the unknown functionality of the file egress point /admin/upload, exploitable remotely via traversal sequence '../filedir'. The vulnerability has been publicly disclosed (VDB-222985) and is referenced across mul...
CVE-2023-1616
CVE-2023-1616 affects XiaoBingBy TeaCMS up to version 2.0.2, specifically the Article Title Handler component. The issue is a cross-site scripting vulnerability triggered by manipulating input such as , with remote exploitability. The public exploit is noted, and multiple sources confirm the vuln...