Xunruicms
by Xunruicms
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14008 | Med | 0.31 | 4.7 | 0.00 | Dec 4, 2025 | A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is… | ||
| CVE-2025-14004 | Med | 0.31 | 4.7 | 0.00 | Dec 4, 2025 | A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of… | ||
| CVE-2023-43962 | Med | 0.31 | 4.8 | 0.00 | Dec 9, 2024 | Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. | ||
| CVE-2025-15144 | Med | 0.28 | 4.3 | 0.00 | Dec 28, 2025 | A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The… | ||
| CVE-2025-14006 | Low | 0.23 | 3.5 | 0.00 | Dec 4, 2025 | A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument… | ||
| CVE-2025-14005 | Low | 0.16 | 2.4 | 0.00 | Dec 4, 2025 | A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing a manipulation of the argument… | ||
| CVE-2025-14007 | Low | 0.13 | 2.0 | 0.00 | Dec 4, 2025 | A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from… | ||
| CVE-2025-60445 | 0.00 | — | 0.00 | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code… | |||
| CVE-2025-25957 | 0.00 | — | 0.00 | Feb 20, 2025 | Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script. | |||
| CVE-2024-31634 | 0.00 | — | 0.01 | Apr 16, 2024 | Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. | |||
| CVE-2024-24389 | 0.00 | — | 0.00 | Mar 7, 2024 | A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. | |||
| CVE-2024-24388 | 0.00 | — | 0.01 | Feb 2, 2024 | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | |||
| CVE-2023-49490 | 0.00 | — | 0.00 | Dec 11, 2023 | XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. | |||
| CVE-2021-38243 | 0.00 | — | 0.01 | Sep 26, 2023 | xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | |||
| CVE-2023-1680 | 0.00 | — | 0.01 | Mar 29, 2023 | A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2022-30037 | 0.00 | — | 0.01 | Mar 23, 2023 | XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. | |||
| CVE-2022-36224 | 0.00 | — | 0.00 | Aug 19, 2022 | XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | |||
| CVE-2019-17074 | 0.00 | — | 0.01 | Oct 1, 2019 | An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. |
- risk 0.31cvss 4.7epss 0.00
A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is…
- risk 0.31cvss 4.7epss 0.00
A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of…
- risk 0.31cvss 4.8epss 0.00
Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab.
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The…
- risk 0.23cvss 3.5epss 0.00
A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument…
- risk 0.16cvss 2.4epss 0.00
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing a manipulation of the argument…
- risk 0.13cvss 2.0epss 0.00
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from…
- CVE-2025-60445Oct 3, 2025risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code…
- CVE-2025-25957Feb 20, 2025risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.
- CVE-2024-31634Apr 16, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.
- CVE-2024-24389Mar 7, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.
- CVE-2024-24388Feb 2, 2024risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.
- CVE-2023-49490Dec 11, 2023risk 0.00cvss —epss 0.00
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.
- CVE-2021-38243Sep 26, 2023risk 0.00cvss —epss 0.01
xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.
- CVE-2023-1680Mar 29, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been…
- CVE-2022-30037Mar 23, 2023risk 0.00cvss —epss 0.01
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.
- CVE-2022-36224Aug 19, 2022risk 0.00cvss —epss 0.00
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).
- CVE-2019-17074Oct 1, 2019risk 0.00cvss —epss 0.01
An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area.