Gitee Exploits
415 exploits tracked across all sources.
huang-yk student-manage 1.0 - Cross-Site Scripting via Class Parameter
A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by huang-yk
Jspxcms v9.0.0 - Server-Side Request Forgery
Jspxcms v9.0.0 allows SSRF.
by jspxcms
Jspxcms 10.2.0 - Remote Code Execution via Freemarker Template Utility
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
by jspxcms
Jspxcms v10.2.0 - Server-Side Request Forgery via /cmscp/ext/collect/fetch_url.do URL Parameter
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
by jspxcms
coder-chain_gdut - Cross-Site Scripting in /back/index.php/user/User
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095.
by csliuwy
Jspxcms v10.2.0 - Cross-Site Scripting via choose_style_tree.do Interface
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.
by jspxcms
DuxCMS 2.1 - Unauthenticated Arbitrary PHP File Upload via AdminUpload Endpoint
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.
by annyshow
DuxCMS 2.1 - Path Traversal and Arbitrary File Deletion via AdminBackup Endpoint
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.
by annyshow
DuxCMS 2.1 - Cross-Site Request Forgery via article/admin/content/add
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add.
by annyshow
DuxCMS 2.1 - Cross-Site Scripting in Article Handler
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.
by annyshow
DuxCMS 2.1 - Cross-Site Request Forgery
A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.
by annyshow
DuxCMS 2.1 - Stored Cross-Site Scripting via Content, Time, or Copyfrom Parameters
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
by annyshow
Xiuno BBS 4.0 - XML External Entity Injection via WeChat Public Plugin Token Route
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.
CVSS 7.5
JPress 1.0.4 - Cross-Site Scripting via Markdown Input
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
CVSS 5.4
Xiuno BBS 4.0.4 - Username Enumeration via route\user.php
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.
CVSS 5.3
Xiuno BBS 4.0.4 - Cross-Site Scripting via Install Component Doctype Manipulation
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
CVSS 6.1
Xiuno BBS 4.0.4 - Stored Cross-Site Scripting via sitename Parameter
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.
CVSS 6.1
Xiuno BBS 4.0.4 - Stored Cross-Site Scripting via Site Brief Parameter
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.
CVSS 6.1
Cscms Music Portal System v4.2 - Open Redirect via backurl Parameter
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
CVSS 5.4
DSCMS v3.0 - Arbitrary File Deletion via Adv.php Controller
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.
CVSS 9.1
baijiacms v4 - Unrestricted Upload of File with Dangerous Type
Baijiacms v4 was discovered to contain an arbitrary file upload vulnerability.
by cui-yiwei
CVSS 9.8
CTF-hacker pwn - Cross-Site Request Forgery in delete.html
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.
by CTF-hacker
CVSS 4.3
ehuacui-bbs - Cross-Site Scripting via Username Parameter
A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.
CVSS 3.5
Rockoa 2.3.2 - Code Injection in Configuration File Handler
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
CVSS 6.3
Ehuacui BBS - Cross-Site Scripting via Login Parameter
Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.
CVSS 8.2