Nonecms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Nonecms
(5none)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	12

Date	Id	Summary	Products	Score	Patch	Annotated
2018-12-11	CVE-2018-20062	An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.	Nonecms	9.8
2023-05-08	CVE-2020-18282	Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.	Nonecms	6.1
2021-05-10	CVE-2020-23371	Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.	Nonecms	6.1
2021-05-10	CVE-2020-23373	Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.	Nonecms	5.4
2021-05-10	CVE-2020-23374	Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.	Nonecms	5.4
2021-05-10	CVE-2020-23376	NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.	Nonecms	6.1
2021-06-22	CVE-2020-18646	Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".	Nonecms	7.5
2021-06-22	CVE-2020-18647	Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".	Nonecms	7.5
2019-09-23	CVE-2019-16721	NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.	Nonecms	N/A
2018-02-19	CVE-2018-7219	application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.	Nonecms	8.8