Vulnerabilities > Pescms > Pescms Team > 2.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-03 | CVE-2018-16371 | Cross-site Scripting vulnerability in Pescms Team 2.2.1 PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. | 6.1 |
| 2018-09-03 | CVE-2018-16370 | Unrestricted Upload of File with Dangerous Type vulnerability in Pescms Team 2.2.1 In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | 9.8 |