taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-05
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
CVSS Score
4.9
EPSS Score
0.006
Published
2022-02-04
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-02-11