Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
finecms project finecms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-11180
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-9251
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-9252
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
Finecms Project Finecms -
7.5
CVSSv2
CVE-2017-11167
FineCMS 2.1.0 allows remote malicious users to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
Finecms Project Finecms 2.1.0
4.3
CVSSv2
CVE-2017-1000429
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
Finecms Project Finecms 5.0.10
4.3
CVSSv2
CVE-2017-14193
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
4.3
CVSSv2
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
4.3
CVSSv2
CVE-2017-14192
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
Finecms Project Finecms 5.0.11
4.3
CVSSv2
CVE-2017-14195
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
7.5
CVSSv2
CVE-2017-12774
finecms in 1.9.5\controllers\member\ContentController.php allows remote malicious users to operate website database
Finecms Project Finecms 1.9.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »