Popojicms: >> Popojicms >> 1.2 Security Vulnerabilities
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-08-06
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-06