CVE-2018-7219 — CVSS 8.8 (high): application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a…
CVE-2020-18646 — CVSS 7.5 (high): Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
CVE-2018-6029 — CVSS 7.5 (high): The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal…
CVE-2020-18647 — CVSS 7.5 (high): Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".
CVE-2018-6022 — CVSS 6.5 (medium): Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to…
CVE-2019-16721 — CVSS 6.5 (medium): NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
CVE-2020-18282 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback…
CVE-2020-23371 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows…
CVE-2020-23376 — CVSS 6.1 (medium): NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be…
CVE-2020-23374 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject…
CVE-2020-23373 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary…