Hk_Cms

3 exploits, active since Mar 2023
CVE-2023-40786 GITEE MEDIUM php
HKcms <2.3.0.230709 - XSS
HKcms v2.3.0.230709 is vulnerable to cross-site scripting (XSS), allowing administrator cookies to be stolen.
412 stars
CVSS 5.4
CVE-2023-1482 GITEE MEDIUM php
HkCms 2.2.4.230206 - Code Injection
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.
412 stars
CVSS 4.7
CVE-2025-5013 GITEE MEDIUM php
HkCms <2.3.2.240702 - XSS
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
412 stars
CVSS 4.3