PyPI package
lin-cms
pkg:pypi/lin-cms
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-44244 | — | <= 0.2.1 | — | Nov 9, 2022 | An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | ||
| CVE-2020-18699 | — | <= 0.1.1b2 | — | Aug 16, 2021 | Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'. | ||
| CVE-2020-18698 | — | — | — | Aug 16, 2021 | Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. |
- CVE-2022-44244Nov 9, 2022affected <= 0.2.1
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
- CVE-2020-18699Aug 16, 2021affected <= 0.1.1b2
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'.
- CVE-2020-18698Aug 16, 2021
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.