VYPR

PESCMS

by PESCMS

CVEs (6)

  • CVE-2020-28092MedNov 17, 2020
    risk 0.43cvss 6.1epss 0.02

    PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=

  • CVE-2021-31679MedJul 6, 2022
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.

  • CVE-2021-31678MedJul 6, 2022
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.

  • CVE-2021-31677MedJul 6, 2022
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.

  • CVE-2024-30952MedApr 17, 2024
    risk 0.40cvss 6.1epss 0.00

    A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action.

  • CVE-2021-31676MedJul 6, 2022
    risk 0.40cvss 6.1epss 0.01

    A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.