Boiteasite
Products
3- 5 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51468 | Cri | 0.65 | 10.0 | 0.01 | Dec 29, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | ||
| CVE-2023-51470 | Cri | 0.64 | 9.9 | 0.01 | Dec 29, 2023 | Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | ||
| CVE-2018-15567 | Med | 0.33 | 6.1 | 0.01 | Aug 20, 2018 | CMSUno before 1.5.3 has XSS via the title field. | ||
| CVE-2021-36654 | 0.03 | — | 0.02 | Aug 3, 2021 | CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. | |||
| CVE-2020-25538 | 0.03 | — | 0.10 | Nov 13, 2020 | An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. | |||
| CVE-2020-15600 | 0.03 | — | 0.02 | Jul 7, 2020 | An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. | |||
| CVE-2021-40889 | 0.00 | — | 0.02 | Oct 11, 2021 | CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject… |
- risk 0.65cvss 10.0epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
- risk 0.64cvss 9.9epss 0.01
Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1.
- risk 0.33cvss 6.1epss 0.01
CMSUno before 1.5.3 has XSS via the title field.
- CVE-2021-36654Aug 3, 2021risk 0.03cvss —epss 0.02
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
- CVE-2020-25538Nov 13, 2020risk 0.03cvss —epss 0.10
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
- CVE-2020-15600Jul 7, 2020risk 0.03cvss —epss 0.02
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
- CVE-2021-40889Oct 11, 2021risk 0.00cvss —epss 0.02
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject…