Xunruicms

Xunruicms

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-2131

Exploit
  • EPSS 0.06%
  • Veröffentlicht 09.03.2025 22:31:04
  • Zuletzt bearbeitet 11.03.2025 20:34:05

A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scri...

6.1

CVE-2025-25957

Exploit
  • EPSS 0.06%
  • Veröffentlicht 20.02.2025 23:15:13
  • Zuletzt bearbeitet 09.07.2025 14:52:36

Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.

9.8

CVE-2025-1186

  • EPSS 0.11%
  • Veröffentlicht 12.02.2025 08:15:09
  • Zuletzt bearbeitet 03.07.2025 01:07:49

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be ...

9.8

CVE-2025-1177

Exploit
  • EPSS 0.09%
  • Veröffentlicht 11.02.2025 06:15:22
  • Zuletzt bearbeitet 20.02.2025 15:58:50

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the at...

6.1

CVE-2024-31634

Exploit
  • EPSS 0.17%
  • Veröffentlicht 16.04.2024 04:15:08
  • Zuletzt bearbeitet 30.06.2025 18:05:48

Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.

6.1

CVE-2024-24389

  • EPSS 0.18%
  • Veröffentlicht 07.03.2024 02:15:51
  • Zuletzt bearbeitet 27.03.2025 21:15:46

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.

6.1

CVE-2024-24388

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.02.2024 10:15:08
  • Zuletzt bearbeitet 05.06.2025 19:15:27

Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.

6.1

CVE-2023-49490

Exploit
  • EPSS 0.11%
  • Veröffentlicht 11.12.2023 21:15:07
  • Zuletzt bearbeitet 21.11.2024 08:33:28

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.

9.8

CVE-2021-38243

Exploit
  • EPSS 4.21%
  • Veröffentlicht 27.09.2023 15:15:54
  • Zuletzt bearbeitet 18.06.2025 15:15:19

xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.

7.5

CVE-2023-1680

Exploit
  • EPSS 0.1%
  • Veröffentlicht 29.03.2023 15:15:07
  • Zuletzt bearbeitet 21.11.2024 07:39:40

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated r...