Bosscms

bosscms

Vendor: Bosscms • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-31613 1Bosscms 1Bosscms Jun 10, 2025 Jun 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."
CVE-2024-31609 1Bosscms 1Bosscms Apr 18, 2025 Apr 25, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.
CVE-2024-22938 1Bosscms 1Bosscms May 29, 2025 Jan 30, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.
CVE-2022-44937 1Bosscms 1Bosscms Apr 25, 2025 Nov 28, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.
CVE-2022-28606 1Bosscms 1Bosscms Nov 21, 2024 May 5, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.