Vulnerabilities (CVE)

Filtered by vendor Chshcms Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-30898	1 Chshcms	1 Cscms	2022-06-17	4.3 MEDIUM	6.5 MEDIUM
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.
CVE-2019-9598	1 Chshcms	1 Cscms	2019-03-08	4.3 MEDIUM	6.5 MEDIUM
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
CVE-2018-16337	1 Chshcms	1 Cscms	2018-10-25	4.3 MEDIUM	6.5 MEDIUM
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
CVE-2018-16730	1 Chshcms	1 Cscms	2018-10-19	4.3 MEDIUM	6.1 MEDIUM
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.