Search
Search Results (34 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31862 | 1 Jizhicms | 1 Jizhicms | 2025-01-21 | 5.4 Medium |
| jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package. | ||||
| CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 Medium |
| There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | ||||
| CVE-2023-38948 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.2 High |
| An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | ||||
| CVE-2023-2927 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.8 Critical |
| jizhicms v2.3.1 has SQL injection in the background. | ||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 8.8 High |
| An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | ||||
| CVE-2022-31393 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.1 Critical |
| Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | ||||
| CVE-2022-31390 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.1 Critical |
| Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | ||||
| CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.8 Critical |
| Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | ||||
| CVE-2020-23644 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.1 Medium |
| XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | ||||
| CVE-2020-23643 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.1 Medium |
| XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | ||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | ||||
| CVE-2020-21228 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.1 Medium |
| JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | ||||
| CVE-2019-17593 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 8.8 High |
| JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. | ||||