Vulnerabilities (CVE)

Filtered by vendor Tpmecms Subscribe
Filtered by product Tpmecms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-44684 1 Tpmecms 1 Tpmecms 2024-09-04 N/A 6.1 MEDIUM
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields.
CVE-2024-7900 1 Tpmecms 1 Tpmecms 2024-08-20 3.3 LOW 4.8 MEDIUM
A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.