Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Nukeviet Subscribe
Filtered by product Nukeviet

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30874 1 Nukeviet 1 Nukeviet 2022-06-29 3.5 LOW 5.4 MEDIUM
There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.
CVE-2020-21809 1 Nukeviet 1 Nukeviet 2021-08-03 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
CVE-2020-21808 1 Nukeviet 1 Nukeviet 2021-08-03 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php.
CVE-2020-22765 1 Nukeviet 1 Nukeviet 2021-08-03 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module.
CVE-2019-7725 1 Nukeviet 1 Nukeviet 2021-01-05 7.5 HIGH 9.8 CRITICAL
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).
CVE-2019-7726 1 Nukeviet 1 Nukeviet 2021-01-05 7.5 HIGH 9.8 CRITICAL
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
CVE-2020-13157 1 Nukeviet 1 Nukeviet 2020-06-29 4.3 MEDIUM 6.5 MEDIUM
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
CVE-2020-13156 1 Nukeviet 1 Nukeviet 2020-06-29 4.3 MEDIUM 6.5 MEDIUM
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
CVE-2020-13155 1 Nukeviet 1 Nukeviet 2020-06-29 6.8 MEDIUM 8.8 HIGH
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.