Vulnerabilities > 1234N > Minicms

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-46378 Cross-site Scripting vulnerability in 1234N Minicms 1.11
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
network
low complexity
1234n CWE-79
5.4
2023-02-24 CVE-2021-33387 Cross-site Scripting vulnerability in 1234N Minicms 1.10
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
network
low complexity
1234n CWE-79
critical
9.6
2022-06-28 CVE-2020-19896 Unspecified vulnerability in 1234N Minicms 1.9
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
network
low complexity
1234n
7.5
2022-06-24 CVE-2022-33121 Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.11
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
network
1234n CWE-352
5.8
2022-06-13 CVE-2021-41663 Cross-site Scripting vulnerability in 1234N Minicms 1.11
A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11.
network
1234n CWE-79
4.3
2022-02-10 CVE-2021-44970 Cross-site Scripting vulnerability in 1234N Minicms 1.11
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
network
1234n CWE-79
3.5
2021-04-28 CVE-2020-17999 Cross-site Scripting vulnerability in 1234N Minicms 1.10
Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
network
1234n CWE-79
4.3
2021-01-05 CVE-2020-36052 Path Traversal vulnerability in 1234N Minicms 1.10
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.
network
low complexity
1234n CWE-22
7.5
2021-01-05 CVE-2020-36051 Path Traversal vulnerability in 1234N Minicms 1.10
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.
network
low complexity
1234n CWE-22
5.0
2019-07-05 CVE-2019-13341 Cross-site Scripting vulnerability in 1234N Minicms 1.10
In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.
network
1234n CWE-79
3.5