Vulnerabilities > Chshcms > Cscms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-24 | CVE-2019-6779 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. | 5.8 |
| 2018-09-17 | CVE-2018-17125 | Path Traversal vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | 6.4 |
| 2018-09-08 | CVE-2018-16732 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1 \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 6.8 |
| 2018-09-08 | CVE-2018-16730 | Cross-site Scripting vulnerability in Chshcms Cscms 4.1 \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | 4.3 |
| 2018-09-04 | CVE-2018-16448 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.0 Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | 6.8 |
| 2018-09-02 | CVE-2018-16337 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 An issue was discovered in Cscms V4.1.8. | 4.3 |