Vulnerabilities > Xunruicms > Xunruicms > 4.2.4

DATE CVE VULNERABILITY TITLE RISK
2025-03-09 CVE-2025-2131 Code Injection vulnerability in Xunruicms
A vulnerability was found in dayrui XunRuiCMS up to 4.6.3.
network
low complexity
xunruicms CWE-94
4.8
4.8
2024-03-07 CVE-2024-24389 Cross-site Scripting vulnerability in Xunruicms
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.
network
low complexity
xunruicms CWE-79
6.1
6.1
2024-02-02 CVE-2024-24388 Cross-site Scripting vulnerability in Xunruicms
Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.
network
low complexity
xunruicms CWE-79
6.1
6.1
2023-09-27 CVE-2021-38243 Unspecified vulnerability in Xunruicms
xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php.
network
low complexity
xunruicms
critical
 9.8
9.8