Vendor
skycaiji
Products
1
CVEs
5
Across products
5
Status
Private
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39243 | Cri | 0.64 | 9.8 | 0.00 | Jun 26, 2024 | An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save. | ||
| CVE-2022-28096 | Hig | 0.48 | 7.2 | 0.20 | May 4, 2022 | Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | ||
| CVE-2024-39242 | Med | 0.40 | 6.1 | 0.00 | Jun 26, 2024 | A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). | ||
| CVE-2024-39241 | Med | 0.40 | 6.1 | 0.00 | Jun 26, 2024 | Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. | ||
| CVE-2023-33394 | Med | 0.35 | 5.4 | 0.00 | May 26, 2023 | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. |
- risk 0.64cvss 9.8epss 0.00
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.
- risk 0.48cvss 7.2epss 0.20
Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.
- risk 0.40cvss 6.1epss 0.00
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).
- risk 0.40cvss 6.1epss 0.00
Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.
- risk 0.35cvss 5.4epss 0.00
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.