RSS   Vulnerabilities for 'Minicms'   RSS

2022-06-24
 
CVE-2022-33121

CWE-352
 
 
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.

 
2022-02-10
 
CVE-2021-44970

CWE-79
 
 
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.

 
2021-04-28
 
CVE-2020-17999

CWE-79
 
 
Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".

 
2021-01-05
 
CVE-2020-36052

CWE-22
 
 
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.

 
 
CVE-2020-36051

CWE-22
 
 
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.

 
2019-07-05
 
CVE-2019-13341

CWE-79
 
 
In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.

 
 
CVE-2019-13340

CWE-79
 
 
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.

 
 
CVE-2019-13339

CWE-79
 
 
In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie.

 
2019-07-03
 
CVE-2019-13186

CWE-79
 
 
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.

 
2019-03-06
 
CVE-2019-9603

CWE-352
 
 
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.

 

Copyright 2024, cxsecurity.com

 

Back to Top