gougufree

4 exploits, active since Jun 2023
CVE-2023-3035 GITEE LOW php
Guangdong Pythagorean OA Office System <4.50.31 - XSS
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467.
3,351 stars
CVSS 3.5
CVE-2023-3029 GITEE MEDIUM php
Guangdong Pythagorean OA Office System <4.50.31 - CSRF
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
3,351 stars
CVSS 4.3
CVE-2023-46394 GITEE MEDIUM php
gougucms <4.08.18 - XSS
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the headimgurl parameter.
619 stars
CVSS 5.4
CVE-2023-46393 GITEE HIGH php
gougucms v4.08.18 - Auth Bypass
gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.
619 stars
CVSS 7.5