Vulnerabilities > Finecms Project > Finecms > 5.0.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-14195 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14194 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14193 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14192 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | 6.1 |
| 2017-08-25 | CVE-2017-13697 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. | 6.1 |
| 2017-07-12 | CVE-2017-11178 | Insufficient Verification of Data Authenticity vulnerability in Finecms Project Finecms In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. | 7.5 |
| 2017-07-06 | CVE-2017-10973 | Server-Side Request Forgery (SSRF) vulnerability in Finecms Project Finecms In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | 6.5 |
| 2017-03-07 | CVE-2017-6511 | Cross-site Scripting vulnerability in Finecms Project Finecms andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | 6.1 |