Bosscms: >> Bosscms Security Vulnerabilities
BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."
CVSS Score
5.4
EPSS Score
0.0
Published
2024-06-10
Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-04-25
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-01-30
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-11-28
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-05-05