Vulnerabilities > Mipcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2020-18132 Cross-site Scripting vulnerability in Mipcms 3.6.0
Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.
network
low complexity
mipcms CWE-79
4.8
4.8
2021-09-09 CVE-2020-19264 Cross-Site Request Forgery (CSRF) vulnerability in Mipcms 5.0.1
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
network
low complexity
mipcms CWE-352
6.5
6.5