Vulnerabilities for Razorcms (...) - CXSECURITY.COM

Vulnerabilities for 'Razorcms'

2018-12-31

CVE-2018-19906

CWE-79

Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.

CVE-2018-19905

CWE-79

HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.

2018-10-04

CVE-2018-17986

CWE-352

rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.

2018-09-12

CVE-2018-16727

CWE-79

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.

CVE-2018-16726

CWE-79

razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.

2012-11-26

CVE-2012-6038

CWE-22

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."

2012-11-19

CVE-2012-5918

CWE-264

razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.

2012-10-22

CVE-2012-1900

CWE-352

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.

2011-11-22

CVE-2010-5051

CWE-79

Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.

2009-04-28

CVE-2009-1463

CWE-94

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file.

Copyright 2024, cxsecurity.com