Security Vulnerabilities - CVEs Published In May 2023
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-05-08
Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-05-08
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-05-08
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-08
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-08
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-05-08
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-08
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-05-08
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-05-08
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-05-08