cvebase

Bloofox Bloofoxcms vulnerabilities

27 known vulnerabilities affecting bloofox/bloofoxcms.

Total CVEs: 27
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 5, MEDIUM 10, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2020-35759 | P4 | MEDIUM | CVSS 6.5 | v0.5.2.1 | 2021-06-16
CWE-352. bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
Source: NVD

CVE-2020-37241 | P4 | MEDIUM | CVSS 5.3 | ≥ 0.5.1.0, ≤ 0.5.2.1 | 2026-05-16
CWE-352. bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit
Source: NVD

CVE-2020-35709 | P4 | MEDIUM | CVSS 4.9 | v0.5.2.1 | 2020-12-25
CWE-22. bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
Source: NVD

CVE-2020-36140 | P4 | MEDIUM | CVSS 6.5 | v0.5.2.1 | 2021-06-04
CWE-352. BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Source: NVD

CVE-2020-36139 | P4 | MEDIUM | CVSS 5.4 | v0.5.2.1 | 2021-06-04
CWE-79. BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
Source: NVD

CVE-2021-44608 | P4 | MEDIUM | CVSS 5.4 | ≥ 0.5.1, ≤ 0.5.2.1 | 2022-02-24
CWE-79. Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
Source: NVD

CVE-2020-35762 | P4 | LOW | CVSS 2.7 | v0.5.2.1 | 2021-06-16
CWE-22. bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
Source: NVD