1234N Minicms vulnerabilities
35 known vulnerabilities affecting 1234n/minicms.
Total CVEs
35
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH5MEDIUM22LOW2
Vulnerabilities
Page 2 of 2
CVE-2018-15899P4MEDIUMCVSS 6.1v1.102018-08-27
CVE-2018-15899 [MEDIUM] CWE-79 CVE-2018-15899: An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
nvd
CVE-2019-13186P4MEDIUMCVSS 6.1v1.102019-07-03
CVE-2019-13186 [MEDIUM] CVE-2019-13186: In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can u
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.
nvd
CVE-2018-16298P4MEDIUMCVSS 6.1v1.102018-08-31
CVE-2018-16298 [MEDIUM] CWE-79 CVE-2018-16298: An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a
An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request.
nvd
CVE-2018-16233P4MEDIUMCVSS 6.1v1.102018-08-30
CVE-2018-16233 [MEDIUM] CWE-79 CVE-2018-16233: MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
nvd
CVE-2018-10296P4MEDIUMCVSS 6.1v1.102018-04-22
CVE-2018-10296 [MEDIUM] CWE-79 CVE-2018-10296: MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.
nvd
CVE-2018-20520P4MEDIUMCVSS 6.1v1.102018-12-27
CVE-2018-20520 [MEDIUM] CVE-2018-20520: MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.
nvd
CVE-2018-17039P4MEDIUMCVSS 6.1v1.102018-09-14
CVE-2018-17039 [MEDIUM] CWE-79 CVE-2018-17039: MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST
MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled.
nvd
CVE-2021-44970P4MEDIUMCVSS 5.4v1.112022-02-10
CVE-2021-44970 [MEDIUM] CWE-79 CVE-2021-44970: MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/pag
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
nvd
CVE-2024-9281P4MEDIUMCVSS 4.3fixed in 1.112024-09-27
CVE-2024-9281 [MEDIUM] CWE-352 CVE-2024-9281: A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue aff
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions co
nvd
CVE-2023-46378P4MEDIUMCVSS 5.4v1.112023-10-31
CVE-2023-46378 [MEDIUM] CWE-79 CVE-2023-46378: Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary c
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
nvd
CVE-2024-9282P4MEDIUMCVSS 4.3fixed in 1.112024-09-27
CVE-2024-9282 [MEDIUM] CWE-352 CVE-2024-9282: A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is
A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions co
nvd
CVE-2019-13341P4MEDIUMCVSS 4.8v1.102019-07-05
CVE-2019-13341 [MEDIUM] CWE-79 CVE-2019-13341: In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get
In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.
nvd
CVE-2019-13340P4MEDIUMCVSS 4.8v1.102019-07-05
CVE-2019-13340 [MEDIUM] CVE-2019-13340: In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker ca
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.
nvd
CVE-2018-10423P4LOWCVSS 2.7v1.102018-04-26
CVE-2018-10423 [LOW] CWE-200 CVE-2018-10423: mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-l
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.
nvd
CVE-2018-10424P4LOWCVSS 2.7v1.102018-04-26
CVE-2018-10424 [LOW] CWE-200 CVE-2018-10424: mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.
nvd
← Previous2 / 2