idcCMS
by idcCMS
CVEs (60)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40336 | Med | 0.40 | 6.1 | 0.00 | Jul 10, 2024 | idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' | ||
| CVE-2024-40035 | Med | 0.38 | 5.9 | 0.00 | Jul 9, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. | ||
| CVE-2024-35557 | Med | 0.36 | 5.5 | 0.00 | May 22, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close. | ||
| CVE-2024-39021 | Med | 0.35 | 5.4 | 0.00 | Jul 5, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del | ||
| CVE-2024-39019 | Med | 0.35 | 5.4 | 0.00 | Jul 5, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del | ||
| CVE-2024-39119 | Med | 0.35 | 5.4 | 0.00 | Jul 2, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. | ||
| CVE-2024-35561 | Med | 0.35 | 5.4 | 0.00 | May 22, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close. | ||
| CVE-2024-35554 | Med | 0.35 | 5.4 | 0.00 | May 22, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. | ||
| CVE-2024-34957 | Med | 0.35 | 5.4 | 0.00 | May 16, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet. | ||
| CVE-2024-35011 | Med | 0.35 | 5.4 | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. | ||
| CVE-2024-33829 | Med | 0.35 | 5.4 | 0.00 | May 6, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | ||
| CVE-2024-40038 | Med | 0.34 | 5.3 | 0.00 | Jul 9, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev | ||
| CVE-2024-39153 | Med | 0.31 | 4.7 | 0.00 | Jun 27, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. | ||
| CVE-2024-35560 | Med | 0.28 | 4.3 | 0.00 | May 22, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN. | ||
| CVE-2024-35551 | Med | 0.28 | 4.3 | 0.00 | May 22, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. | ||
| CVE-2024-4172 | Med | 0.28 | 4.3 | 0.00 | Apr 25, 2024 | A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has… | ||
| CVE-2024-39157 | Low | 0.25 | 3.8 | 0.00 | Jun 27, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. | ||
| CVE-2024-39156 | Low | 0.25 | 3.8 | 0.00 | Jun 27, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. | ||
| CVE-2024-35039 | Low | 0.25 | 3.8 | 0.00 | May 16, 2024 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. | ||
| CVE-2024-11587 | Low | 0.23 | 3.5 | 0.01 | Nov 21, 2024 | A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely.… |
- risk 0.40cvss 6.1epss 0.00
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
- risk 0.38cvss 5.9epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
- risk 0.36cvss 5.5epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
- risk 0.35cvss 5.4epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
- risk 0.34cvss 5.3epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
- risk 0.31cvss 4.7epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.
- risk 0.28cvss 4.3epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.
- risk 0.28cvss 4.3epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has…
- risk 0.25cvss 3.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
- risk 0.25cvss 3.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
- risk 0.25cvss 3.8epss 0.00
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
- risk 0.23cvss 3.5epss 0.01
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely.…
Page 3 of 3