← Back

Xiaocheng Keji

xiaocheng-keji

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
71cms
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-25187
1Xiaocheng Keji
171cms
Jun 10, 2025
Apr 2, 2024
N/A· v4
8.6 HIGH· v3
N/A· v2
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
CVE-2024-25166
1Xiaocheng Keji
171cms
May 23, 2025
Feb 27, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.