VYPR
Vendor

Sansanyun

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2020-19263HigSep 9, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.

  • CVE-2023-33751MedMay 25, 2023
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.

  • CVE-2023-33750MedMay 25, 2023
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.

  • CVE-2024-48234MedOct 25, 2024
    risk 0.32cvss 4.9epss 0.00

    An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that…

  • CVE-2024-48232MedOct 25, 2024
    risk 0.32cvss 4.9epss 0.00

    An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF)…

  • CVE-2024-48233MedOct 25, 2024
    risk 0.31cvss 4.8epss 0.00

    mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter.

  • CVE-2020-18132MedMay 8, 2023
    risk 0.31cvss 4.8epss 0.00

    Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.