Hkcms

hkcms

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-5013 1Hkcms 1Hkcms Jun 17, 2025 May 21, 2025 5.3 MEDIUM· v4 4.7 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument...Show more A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-25761 1Hkcms 1Hkcms Apr 9, 2025 Feb 27, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php.
CVE-2024-52677 1Hkcms 1Hkcms Mar 13, 2025 Nov 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.
CVE-2023-40786 1Hkcms 1Hkcms Nov 21, 2024 Sep 11, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.