VYPR

gougucms

by gougucms

CVEs (5)

  • CVE-2023-46393HigOct 27, 2023
    risk 0.49cvss 7.5epss 0.00

    gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.

  • CVE-2026-5248MedApr 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object…

  • CVE-2023-46394MedOct 27, 2023
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.

  • CVE-2026-5249LowApr 1, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible…

  • CVE-2025-2366LowMar 17, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. It is possible to…