Nodcms

nodcms

Vendor: Nodcms • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-20054 1Nodcms 1Nodcms Apr 14, 2026 Apr 4, 2026 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submittin...Show more Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.Show less
CVE-2023-3641 1Nodcms 1Nodcms Nov 21, 2024 Jul 12, 2023 N/A· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The...Show more A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.Show less
CVE-2020-20697 1Nodcms 1Nodcms Dec 10, 2024 Jun 20, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter.