Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Finecms'
2018-01-09
CVE-2017-1000429
CWE-79
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
2017-09-07
CVE-2017-14195
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
CVE-2017-14193
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
CVE-2017-14192
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
2017-08-25
CVE-2017-13697
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
2017-08-09
CVE-2017-12774
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
2017-07-12
CVE-2017-11202
FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.
CVE-2017-11201
application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.
CVE-2017-11200
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Finecms' 