Vulnerabilities > Rpcms

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-50565 Cross-site Scripting vulnerability in Rpcms 3.5.5
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
rpcms CWE-79
5.4
2022-10-13 CVE-2022-41473 Cross-site Scripting vulnerability in Rpcms 3.0.2
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.
network
low complexity
rpcms CWE-79
6.1
2022-10-13 CVE-2022-41474 Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.
network
low complexity
rpcms CWE-352
6.5
2022-10-13 CVE-2022-41475 Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.
network
low complexity
rpcms CWE-352
8.8
2021-07-26 CVE-2021-37392 Cross-site Scripting vulnerability in Rpcms
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page.
network
rpcms CWE-79
3.5
2021-07-26 CVE-2021-37393 Cross-site Scripting vulnerability in Rpcms
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page.
network
rpcms CWE-79
3.5
2021-07-26 CVE-2021-37394 Unspecified vulnerability in Rpcms
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.
network
rpcms
6.0