Xunruicms

Xunruicms

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-14008

Exploit
  • EPSS 0.04%
  • Veröffentlicht 04.12.2025 15:15:56
  • Zuletzt bearbeitet 05.12.2025 20:16:38

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-s...

6.1

CVE-2025-14007

Exploit
  • EPSS 0.03%
  • Veröffentlicht 04.12.2025 14:32:08
  • Zuletzt bearbeitet 05.12.2025 15:05:28

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The at...

6.1

CVE-2025-14006

Exploit
  • EPSS 0.03%
  • Veröffentlicht 04.12.2025 14:32:06
  • Zuletzt bearbeitet 05.12.2025 15:26:58

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The m...

6.1

CVE-2025-14005

Exploit
  • EPSS 0.03%
  • Veröffentlicht 04.12.2025 13:32:08
  • Zuletzt bearbeitet 05.12.2025 15:31:50

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing man...

9.8

CVE-2025-14004

Exploit
  • EPSS 0.04%
  • Veröffentlicht 04.12.2025 13:32:06
  • Zuletzt bearbeitet 08.12.2025 13:39:13

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forge...

6.1

CVE-2025-60445

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 10.10.2025 16:22:12

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to injec...

4.8

CVE-2025-2131

Exploit
  • EPSS 0.07%
  • Veröffentlicht 09.03.2025 22:31:04
  • Zuletzt bearbeitet 11.03.2025 20:34:05

A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scri...

6.1

CVE-2025-25957

Exploit
  • EPSS 0.07%
  • Veröffentlicht 20.02.2025 23:15:13
  • Zuletzt bearbeitet 09.07.2025 14:52:36

Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.

9.8

CVE-2025-1186

  • EPSS 0.17%
  • Veröffentlicht 12.02.2025 08:15:09
  • Zuletzt bearbeitet 03.07.2025 01:07:49

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be ...

9.8

CVE-2025-1177

Exploit
  • EPSS 0.16%
  • Veröffentlicht 11.02.2025 06:15:22
  • Zuletzt bearbeitet 20.02.2025 15:58:50

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the at...