Shodan
Vulnerabilities
Vulnerable Software
5none:  >> Nonecms  Security Vulnerabilities
CVE-2020-18282
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-05-08
CVE-2020-18647
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".
CVSS Score
7.5
EPSS Score
0.002
Published
2021-06-22
CVE-2020-18646
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
CVSS Score
7.5
EPSS Score
0.002
Published
2021-06-22
CVE-2020-23371
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-05-10
CVE-2020-23373
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-05-10
CVE-2020-23374
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-05-10
CVE-2020-23376
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-05-10
CVE-2019-16721
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-09-23
CVE-2018-20062
Known exploited
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVSS Score
9.8
EPSS Score
0.93
Published
2018-12-11
CVE-2018-7219
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-02-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved