Wcms: Security Vulnerabilities
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-07
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
CVSS Score
8.6
EPSS Score
0.013
Published
2021-04-07
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-07
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-07-23
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-04-20
Page 2