Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
minicms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-44970
MiniCMS v1.11 exists to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
1234n Minicms 1.11
6.1
CVSSv3
CVE-2018-20520
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.
1234n Minicms 1.10
8.1
CVSSv3
CVE-2022-33121
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows malicious users to arbitrarily delete local .dat files via clicking on a malicious link.
1234n Minicms 1.11
4.8
CVSSv3
CVE-2019-13340
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.
1234n Minicms 1.10
4.8
CVSSv3
CVE-2019-13341
In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.
1234n Minicms 1.10
6.1
CVSSv3
CVE-2019-13186
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.
1234n Minicms 1.10
6.1
CVSSv3
CVE-2018-15899
An issue exists in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
1234n Minicms 1.10
5.3
CVSSv3
CVE-2018-18890
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
1234n Minicms 1.10
9.8
CVSSv3
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
1234n Minicms 1.10
NA
CVE-2024-31741
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote malicious user to run arbitrary code via crafted string in the URL after login.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3