Gitee Exploits
415 exploits tracked across all sources.
Huang-yk Student-manage - Code Injection
A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by huang-yk
Ujcms Jspxcms - Unrestricted File Upload
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
by jspxcms
Ujcms Jspxcms - SSRF
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
by jspxcms
csliuwy coder-chain_gdut - XSS
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095.
by csliuwy
Jspxcms v10.2.0 - XSS
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.
by jspxcms
Duxcms - Unrestricted File Upload
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload.
by annyshow
Duxcms - Path Traversal
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.
by annyshow
Duxcms - CSRF
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add.
by annyshow
DuxCMS 2.1 - XSS
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.
by annyshow
DuxCMS 2.1 - CSRF
A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.
by annyshow
DuxCMS 2.1 - XSS
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
by annyshow
Xiunobbs - XXE
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.
CVSS 7.5
Jpress - XSS
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
CVSS 5.4
Xiuno BBS <4.0.4 - Info Disclosure
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.
CVSS 5.3
Xiunobbs - XSS
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
CVSS 6.1
Xiunobbs - XSS
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.
CVSS 6.1
Xiunobbs - XSS
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.
CVSS 6.1
Chshcms Cscms - Open Redirect
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
CVSS 5.4
DSCMS v3.0 - Path Traversal
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.
CVSS 9.1
Baijiacms - Unrestricted File Upload
Baijiacms v4 was discovered to contain an arbitrary file upload vulnerability.
by cui-yiwei
CVSS 9.8
CTF-hacker pwn - CSRF
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.
by CTF-hacker
CVSS 4.3
Ehuacui-bbs - XSS
A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.
CVSS 3.5
Rockoa 2.3.2 - Code Injection
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
CVSS 6.3
Ehuacui BBS - XSS
Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.
CVSS 8.2