Vulnerabilities > 5None > Nonecms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-08 | CVE-2020-18282 | Cross-site Scripting vulnerability in 5None Nonecms 1.3.0 Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | 6.1 |
| 2021-05-10 | CVE-2020-23371 | Cross-site Scripting vulnerability in 5None Nonecms 1.3.0 Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter. | 6.1 |
| 2021-05-10 | CVE-2020-23373 | Cross-site Scripting vulnerability in 5None Nonecms 1.3.0 Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | 5.4 |
| 2021-05-10 | CVE-2020-23374 | Cross-site Scripting vulnerability in 5None Nonecms 1.3.0 Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | 5.4 |
| 2021-05-10 | CVE-2020-23376 | Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0 NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | 6.1 |
| 2019-09-23 | CVE-2019-16721 | Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0 NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | 6.5 |
| 2018-01-23 | CVE-2018-6022 | Path Traversal vulnerability in 5None Nonecms 1.1.0/1.2.0/1.3.0 Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | 6.5 |