VYPR

skycaiji

by skycaiji

CVEs (5)

  • CVE-2024-39243CriJun 26, 2024
    risk 0.64cvss 9.8epss 0.00

    An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.

  • CVE-2022-28096HigMay 4, 2022
    risk 0.48cvss 7.2epss 0.20

    Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.

  • CVE-2024-39242MedJun 26, 2024
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).

  • CVE-2024-39241MedJun 26, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.

  • CVE-2023-33394MedMay 26, 2023
    risk 0.35cvss 5.4epss 0.00

    skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.