Xunruicms

Xunruicms

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-2131

Exploit
  • EPSS 0.06%
  • Published 09.03.2025 22:31:04
  • Last modified 11.03.2025 20:34:05

A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scri...

6.1

CVE-2025-25957

Exploit
  • EPSS 0.06%
  • Published 20.02.2025 23:15:13
  • Last modified 09.07.2025 14:52:36

Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.

9.8

CVE-2025-1186

  • EPSS 0.11%
  • Published 12.02.2025 08:15:09
  • Last modified 03.07.2025 01:07:49

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be ...

9.8

CVE-2025-1177

Exploit
  • EPSS 0.09%
  • Published 11.02.2025 06:15:22
  • Last modified 20.02.2025 15:58:50

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the at...

6.1

CVE-2024-31634

Exploit
  • EPSS 0.17%
  • Published 16.04.2024 04:15:08
  • Last modified 30.06.2025 18:05:48

Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.

6.1

CVE-2024-24389

  • EPSS 0.18%
  • Published 07.03.2024 02:15:51
  • Last modified 27.03.2025 21:15:46

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.

6.1

CVE-2024-24388

Exploit
  • EPSS 0.05%
  • Published 02.02.2024 10:15:08
  • Last modified 05.06.2025 19:15:27

Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.

6.1

CVE-2023-49490

Exploit
  • EPSS 0.11%
  • Published 11.12.2023 21:15:07
  • Last modified 21.11.2024 08:33:28

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.

9.8

CVE-2021-38243

Exploit
  • EPSS 4.21%
  • Published 27.09.2023 15:15:54
  • Last modified 18.06.2025 15:15:19

xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.

7.5

CVE-2023-1680

Exploit
  • EPSS 0.1%
  • Published 29.03.2023 15:15:07
  • Last modified 21.11.2024 07:39:40

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated r...