Vulnerabilities > Hkcms

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-52677 Unrestricted Upload of File with Dangerous Type vulnerability in Hkcms 2.3.0.230709
HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.
network
low complexity
hkcms CWE-434
critical
9.8
2023-09-11 CVE-2023-40786 Cross-site Scripting vulnerability in Hkcms 2.3.0.230709
HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.
network
low complexity
hkcms CWE-79
5.4