PESCMS
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28092 | Med | 0.43 | 6.1 | 0.02 | Nov 17, 2020 | PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | ||
| CVE-2021-31679 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2022 | An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. | ||
| CVE-2021-31678 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2022 | An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. | ||
| CVE-2021-31677 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2022 | An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. | ||
| CVE-2024-30952 | Med | 0.40 | 6.1 | 0.00 | Apr 17, 2024 | A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action. | ||
| CVE-2021-31676 | Med | 0.40 | 6.1 | 0.01 | Jul 6, 2022 | A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction. |
- risk 0.43cvss 6.1epss 0.02
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.
- risk 0.40cvss 6.1epss 0.00
A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action.
- risk 0.40cvss 6.1epss 0.01
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.