Filtered by vendor Xunruicms
Subscribe
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24389 | 1 Xunruicms | 1 Xunruicms | 2025-03-27 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. | |||||
| CVE-2025-2131 | 1 Xunruicms | 1 Xunruicms | 2025-03-11 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1177 | 1 Xunruicms | 1 Xunruicms | 2025-02-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-24388 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | |||||
| CVE-2023-49490 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 6.1 MEDIUM |
| XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. | |||||
| CVE-2023-1683 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240. | |||||
| CVE-2023-1682 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239. | |||||
| CVE-2023-1681 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-36224 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 8.8 HIGH |
| XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-30037 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 7.2 HIGH |
| XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. | |||||
| CVE-2021-38243 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 9.8 CRITICAL |
| xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | |||||
| CVE-2019-17074 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. | |||||