RSS   Vulnerabilities for 'Jizhicms'   RSS

2022-06-09
 
CVE-2022-31390

CWE-918
 

 
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

 
 
CVE-2022-31393

CWE-918
 

 
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

 
2021-10-01
 
CVE-2020-21228

CWE-79
 

 
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.

 
2021-01-11
 
CVE-2020-23644

CWE-79
 

 
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

 
 
CVE-2020-23643

CWE-79
 

 
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top