Nonecms

nonecms

Vendor: 5none • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-18282 15none 1Nonecms Jan 29, 2025 May 8, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.
CVE-2020-18647 15none 1Nonecms Nov 21, 2024 Jun 22, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".
CVE-2020-18646 15none 1Nonecms Nov 21, 2024 Jun 22, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
CVE-2020-23376 15none 1Nonecms Nov 21, 2024 May 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a store...Show more NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.Show less
CVE-2020-23374 15none 1Nonecms Nov 21, 2024 May 10, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23373 15none 1Nonecms Nov 21, 2024 May 10, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23371 15none 1Nonecms Nov 21, 2024 May 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2019-16721 15none 1Nonecms Nov 21, 2024 Sep 23, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
CVE-2018-20062 15none 1Nonecms Nov 7, 2025 Dec 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&f...Show more An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.Show less
CVE-2018-7219 15none 1Nonecms Nov 21, 2024 Feb 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.
CVE-2018-6029 15none 1Nonecms Nov 21, 2024 Jan 23, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL...Show more The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring.Show less
CVE-2018-6022 15none 1Nonecms Nov 21, 2024 Jan 23, 2018 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the par...Show more Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.Show less