Xunruicms

Xunruicms

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-31634

Exploit
  • EPSS 0.13%
  • Veröffentlicht 16.04.2024 04:15:08
  • Zuletzt bearbeitet 30.06.2025 18:05:48

Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.

6.1

CVE-2024-24389

  • EPSS 0.18%
  • Veröffentlicht 07.03.2024 02:15:51
  • Zuletzt bearbeitet 27.03.2025 21:15:46

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.

6.1

CVE-2024-24388

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.02.2024 10:15:08
  • Zuletzt bearbeitet 05.06.2025 19:15:27

Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.

6.1

CVE-2023-49490

Exploit
  • EPSS 0.11%
  • Veröffentlicht 11.12.2023 21:15:07
  • Zuletzt bearbeitet 21.11.2024 08:33:28

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.

9.8

CVE-2021-38243

Exploit
  • EPSS 4.21%
  • Veröffentlicht 27.09.2023 15:15:54
  • Zuletzt bearbeitet 18.06.2025 15:15:19

xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.

7.5

CVE-2023-1680

Exploit
  • EPSS 0.1%
  • Veröffentlicht 29.03.2023 15:15:07
  • Zuletzt bearbeitet 21.11.2024 07:39:40

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated r...

7.5

CVE-2023-1683

Exploit
  • EPSS 0.04%
  • Veröffentlicht 29.03.2023 01:15:10
  • Zuletzt bearbeitet 21.11.2024 07:39:41

A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launch...

7.5

CVE-2023-1682

Exploit
  • EPSS 0.09%
  • Veröffentlicht 29.03.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:39:41

A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launche...

7.5

CVE-2023-1681

Exploit
  • EPSS 0.1%
  • Veröffentlicht 28.03.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 07:39:40

A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. ...

7.2

CVE-2022-30037

Exploit
  • EPSS 0.09%
  • Veröffentlicht 23.03.2023 02:15:12
  • Zuletzt bearbeitet 21.11.2024 07:02:06

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.