Vulnerabilities (CVE)

Filtered by vendor 5none Subscribe

Filtered by product Nonecms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-23376	1 5none	1 Nonecms	2022-07-10	4.3 MEDIUM	6.1 MEDIUM
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
CVE-2020-23371	1 5none	1 Nonecms	2021-05-13	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23373	1 5none	1 Nonecms	2021-05-12	3.5 LOW	5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23374	1 5none	1 Nonecms	2021-05-12	3.5 LOW	5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2019-16721	1 5none	1 Nonecms	2019-09-23	5.8 MEDIUM	6.5 MEDIUM
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
CVE-2018-6022	1 5none	1 Nonecms	2018-02-12	5.5 MEDIUM	6.5 MEDIUM
Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.