Vulnerabilities > Joyplus CMS Project

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-12	CVE-2018-10073	Cross-site Scripting vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. network low complexity joyplus-cms-project CWE-79	4.8
2018-04-11	CVE-2018-10028	Information Exposure vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. network low complexity joyplus-cms-project CWE-200	5.3
2018-03-18	CVE-2018-8767	Cross-site Scripting vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. network low complexity joyplus-cms-project CWE-79	4.8
2018-03-18	CVE-2018-8766	Unrestricted Upload of File with Dangerous Type vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. network low complexity joyplus-cms-project CWE-434 critical	9.8
2018-03-15	CVE-2018-8717	Cross-Site Request Forgery (CSRF) vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. network low complexity joyplus-cms-project CWE-352	8.8

Vulnerabilities > Joyplus CMS Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Joyplus CMS Project"}]}