HkCms
by HkCms
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52677 | Cri | 0.64 | 9.8 | 0.01 | Nov 20, 2024 | HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. | ||
| CVE-2025-25761 | Hig | 0.47 | 7.2 | 0.00 | Feb 27, 2025 | HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php. | ||
| CVE-2023-40786 | Med | 0.35 | 5.4 | 0.00 | Sep 11, 2023 | HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. | ||
| CVE-2023-1482 | Med | 0.31 | 4.7 | 0.01 | Mar 18, 2023 | A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to… | ||
| CVE-2025-5013 | Med | 0.28 | 4.3 | 0.01 | May 21, 2025 | A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to… |
- risk 0.64cvss 9.8epss 0.01
HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.
- risk 0.47cvss 7.2epss 0.00
HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php.
- risk 0.35cvss 5.4epss 0.00
HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.
- risk 0.31cvss 4.7epss 0.01
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to…
- risk 0.28cvss 4.3epss 0.01
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to…