VYPR
Vendor

BOSSCMS

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2022-28606CriMay 5, 2022
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.

  • CVE-2024-22938HigJan 30, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.

  • CVE-2024-31609HigApr 25, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.

  • CVE-2022-44937MedNov 28, 2022
    risk 0.42cvss 6.5epss 0.00

    Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.

  • CVE-2024-31613MedJun 10, 2024
    risk 0.35cvss 5.4epss 0.00

    BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."