Vulnerabilities > Popojicms > Popojicms > 1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-06 | CVE-2020-21356 | Exposure of Resource to Wrong Sphere vulnerability in Popojicms 1.2 An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | 5.0 |
2021-08-06 | CVE-2020-21357 | Cross-site Scripting vulnerability in Popojicms 1.2 A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field. | 4.3 |