An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.
5.4CVSS
5.2AI Score
0.001EPSS
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.
8.8CVSS
8.7AI Score
0.001EPSS
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
9.8CVSS
9.5AI Score
0.006EPSS
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
6.1CVSS
6AI Score
0.001EPSS