Vulnerabilities > Jizhicms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-02 | CVE-2023-43836 | SQL Injection vulnerability in Jizhicms 2.4.9 There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | 6.5 |
| 2023-05-19 | CVE-2023-31862 | Cross-site Scripting vulnerability in Jizhicms 2.4.6 jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2023-03-15 | CVE-2023-27234 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | 6.5 |
| 2021-10-01 | CVE-2020-21228 | Cross-site Scripting vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 6.1 |
| 2021-01-11 | CVE-2020-23644 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | 6.1 |
| 2021-01-11 | CVE-2020-23643 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | 6.1 |