Vulnerabilities > 74Cms

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-41471 Unspecified vulnerability in 74Cms 74Cmsse 3.12.0
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
network
low complexity
74cms
6.5
6.5
2022-10-17 CVE-2022-41472 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.12.0
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add.
network
low complexity
74cms CWE-79
5.4
5.4
2022-10-17 CVE-2022-42154 Unrestricted Upload of File with Dangerous Type vulnerability in 74Cms 74Cmsse 3.13.0
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
74cms CWE-434
critical
 9.8
9.8
2022-06-23 CVE-2022-32124 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.
network
low complexity
74cms CWE-79
6.1
6.1
2022-06-23 CVE-2022-32125 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
network
low complexity
74cms CWE-79
6.1
6.1
2022-06-23 CVE-2022-32126 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.
network
low complexity
74cms CWE-79
6.1
6.1
2022-06-23 CVE-2022-32127 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total.
network
low complexity
74cms CWE-79
6.1
6.1
2022-06-23 CVE-2022-32128 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im.
network
low complexity
74cms CWE-79
6.1
6.1
2022-06-23 CVE-2022-32129 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade.
network
low complexity
74cms CWE-79
6.1
6.1
2022-06-23 CVE-2022-32130 Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature.
network
low complexity
74cms CWE-79
6.1
6.1