Mipcms

mipcms

Vendor: Mipcms • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-18132 1Mipcms 1Mipcms Jan 29, 2025 May 8, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.
CVE-2020-19264 1Mipcms 1Mipcms Nov 21, 2024 Sep 9, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
CVE-2020-19263 1Mipcms 1Mipcms Nov 21, 2024 Sep 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
CVE-2020-20582 1Mipcms 1Mipcms Nov 21, 2024 Jul 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information.