CVE-2026-5249
- EPSS 0.2%
- Veröffentlicht 01.04.2026 01:30:16
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross si...
CVE-2026-5248
- EPSS 0.24%
- Veröffentlicht 01.04.2026 00:45:12
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamicall...
CVE-2025-2366
- EPSS 0.3%
- Veröffentlicht 17.03.2025 07:00:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scri...
CVE-2023-46393
- EPSS 0.45%
- Veröffentlicht 27.10.2023 14:15:08
- Zuletzt bearbeitet 21.11.2024 08:28:26
gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.
CVE-2023-46394
- EPSS 0.35%
- Veröffentlicht 27.10.2023 14:15:08
- Zuletzt bearbeitet 21.11.2024 08:28:26
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.