Security Vulnerabilities - CVEs Published In April 2022
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the "Apply for vendor account" feature, an attacker can upload an arbitrary file to the system.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-04-26
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client's browser.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-04-26
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-04-26
ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-04-26
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2022-04-26
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-04-26
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-04-26
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2022-04-26
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-04-26
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2022-04-26

