VYPR

idcCMS

by idcCMS

CVEs (60)

  • CVE-2024-40336MedJul 10, 2024
    risk 0.40cvss 6.1epss 0.00

    idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'

  • CVE-2024-40035MedJul 9, 2024
    risk 0.38cvss 5.9epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.

  • CVE-2024-35557MedMay 22, 2024
    risk 0.36cvss 5.5epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-39021MedJul 5, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del

  • CVE-2024-39019MedJul 5, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del

  • CVE-2024-39119MedJul 2, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35561MedMay 22, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-35554MedMay 22, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.

  • CVE-2024-34957MedMay 16, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.

  • CVE-2024-35011MedMay 14, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-33829MedMay 6, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.

  • CVE-2024-40038MedJul 9, 2024
    risk 0.34cvss 5.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev

  • CVE-2024-39153MedJun 27, 2024
    risk 0.31cvss 4.7epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.

  • CVE-2024-35560MedMay 22, 2024
    risk 0.28cvss 4.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.

  • CVE-2024-35551MedMay 22, 2024
    risk 0.28cvss 4.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.

  • CVE-2024-4172MedApr 25, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has…

  • CVE-2024-39157LowJun 27, 2024
    risk 0.25cvss 3.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.

  • CVE-2024-39156LowJun 27, 2024
    risk 0.25cvss 3.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.

  • CVE-2024-35039LowMay 16, 2024
    risk 0.25cvss 3.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

  • CVE-2024-11587LowNov 21, 2024
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely.…

Page 3 of 3