Vulnerabilities (CVE)

Filtered by vendor Finecms
Filtered by product Finecms
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7476 1 Finecms 1 Finecms 2018-03-16 4.3 MEDIUM 6.1 MEDIUM
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.
CVE-2017-16866 1 Finecms 1 Finecms 2017-12-04 4.3 MEDIUM 6.1 MEDIUM
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
CVE-2017-11629 1 Finecms 1 Finecms 2017-08-09 4.3 MEDIUM 6.1 MEDIUM
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
CVE-2017-11581 1 Finecms 1 Finecms 2017-07-28 4.3 MEDIUM 6.1 MEDIUM
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.
CVE-2017-11586 1 Finecms 1 Finecms 2017-07-28 5.8 MEDIUM 6.1 MEDIUM
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.