BOSSCMS
by BOSSCMS
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28606 | Cri | 0.64 | 9.8 | 0.01 | May 5, 2022 | An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. | ||
| CVE-2024-22938 | Hig | 0.51 | 7.8 | 0.00 | Jan 30, 2024 | Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. | ||
| CVE-2024-31609 | Hig | 0.46 | 7.1 | 0.00 | Apr 25, 2024 | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | ||
| CVE-2022-44937 | Med | 0.42 | 6.5 | 0.00 | Nov 28, 2022 | Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | ||
| CVE-2024-31613 | Med | 0.35 | 5.4 | 0.00 | Jun 10, 2024 | BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code." |
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.
- risk 0.51cvss 7.8epss 0.00
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.
- risk 0.46cvss 7.1epss 0.00
Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.
- risk 0.42cvss 6.5epss 0.00
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.
- risk 0.35cvss 5.4epss 0.00
BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."