Vulnerabilities > Douco

DATE CVE VULNERABILITY TITLE RISK
2023-01-13 CVE-2022-46438 Cross-site Scripting vulnerability in Douco Douphp 1.720221118
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.
network
low complexity
douco CWE-79
5.4
5.4
2022-03-30 CVE-2022-24131 Cross-site Scripting vulnerability in Douco Douphp 1.6
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
network
douco CWE-79
4.3
4.3
2022-03-25 CVE-2022-25574 Cross-site Scripting vulnerability in Douco Douphp 1.6
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
network
low complexity
douco CWE-79
4.8
4.8
2021-12-08 CVE-2021-3370 Cross-site Scripting vulnerability in Douco Douphp 1.6
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
network
douco CWE-79
4.3
4.3
2019-06-03 CVE-2019-12564 Improper Authentication vulnerability in Douco Douphp 1.5
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.
network
low complexity
douco CWE-287
5.0
5.0
2018-12-28 CVE-2018-20567 Incorrect Permission Assignment for Critical Resource vulnerability in Douco Douphp 1.5
An issue was discovered in DouCo DouPHP 1.5 20181221.
network
low complexity
douco CWE-732
5.0
5.0
2018-12-28 CVE-2018-20566 Path Traversal vulnerability in Douco Douphp 1.5
An issue was discovered in DouCo DouPHP 1.5 20181221.
network
low complexity
douco CWE-22
5.0
5.0
2018-12-28 CVE-2018-20565 Cross-site Scripting vulnerability in Douco Douphp 1.5
An issue was discovered in DouCo DouPHP 1.5 20181221.
network
douco CWE-79
3.5
3.5
2018-12-28 CVE-2018-20564 Cross-site Scripting vulnerability in Douco Douphp 1.5
An issue was discovered in DouCo DouPHP 1.5 20181221.
network
douco CWE-79
3.5
3.5
2018-12-28 CVE-2018-20563 Cross-site Scripting vulnerability in Douco Douphp 1.5
An issue was discovered in DouCo DouPHP 1.5 20181221.
network
douco CWE-79
3.5
3.5