Vulnerabilities > Hongcms Project > Hongcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2020-21643 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | 6.1 |
| 2021-10-04 | CVE-2020-21431 | Unspecified vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | 6.5 |
| 2019-10-16 | CVE-2019-17611 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. | 6.1 |
| 2019-10-16 | CVE-2019-17610 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. | 6.1 |
| 2019-10-16 | CVE-2019-17609 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. | 6.1 |
| 2019-10-16 | CVE-2019-17608 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. | 6.1 |
| 2019-10-16 | CVE-2019-17607 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php servername parameter. | 6.1 |
| 2019-09-25 | CVE-2019-16867 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. | 6.5 |
| 2019-02-17 | CVE-2019-8407 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. | 6.5 |
| 2018-06-13 | CVE-2018-12266 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | 6.1 |