Vulnerabilities > Rpcms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-12-14 | CVE-2023-50565 | Cross-site Scripting vulnerability in Rpcms 3.5.5 | A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | network; low complexity; rpcms CWE-79; 5.4 |
| 2022-10-13 | CVE-2022-41473 | Cross-site Scripting vulnerability in Rpcms 3.0.2 | RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. | network; low complexity; rpcms CWE-79; 6.1 |
| 2022-10-13 | CVE-2022-41474 | Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | network; low complexity; rpcms CWE-352; 6.5 |
| 2022-10-13 | CVE-2022-41475 | Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | network; low complexity; rpcms CWE-352; 8.8 |
| 2021-07-26 | CVE-2021-37392 | Cross-site Scripting vulnerability in Rpcms | In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. | network; low complexity; rpcms CWE-79; 5.4 |
| 2021-07-26 | CVE-2021-37393 | Cross-site Scripting vulnerability in Rpcms | In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. | network; low complexity; rpcms CWE-79; 5.4 |
| 2021-07-26 | CVE-2021-37394 | Unspecified vulnerability in Rpcms | In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. | network; low complexity; rpcms; 8.8 |