Vulnerabilities > Rpcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-50565 Cross-site Scripting vulnerability in Rpcms 3.5.5
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
rpcms CWE-79
5.4
5.4
2022-10-13 CVE-2022-41473 Cross-site Scripting vulnerability in Rpcms 3.0.2
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.
network
low complexity
rpcms CWE-79
6.1
6.1
2022-10-13 CVE-2022-41474 Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.
network
low complexity
rpcms CWE-352
6.5
6.5
2021-07-26 CVE-2021-37392 Cross-site Scripting vulnerability in Rpcms
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page.
network
low complexity
rpcms CWE-79
5.4
5.4
2021-07-26 CVE-2021-37393 Cross-site Scripting vulnerability in Rpcms
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page.
network
low complexity
rpcms CWE-79
5.4
5.4