Vulnerabilities > Jizhicms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-01 | CVE-2020-21228 | Cross-site Scripting vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 6.1 |
| 2021-09-15 | CVE-2020-21483 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 1.5 An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | 7.2 |
| 2021-01-11 | CVE-2020-23644 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | 6.1 |
| 2021-01-11 | CVE-2020-23643 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | 6.1 |
| 2019-10-14 | CVE-2019-17593 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. | 8.8 |