nangge/noneCms

nangge/noneCms

Releases3

Frequency4 months 4 weeks

Last Release over 8 years ago

Stars271

基于thinkphp5.1 的内容管理系统，可快速搭建博客、企业站；并且增加了实时聊天室

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-18282 ↗	May 8, 2023Monday, 8 May 2023, 14:15	6.1 MEDIUM	—
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.
CVE-2020-23371 ↗	May 10, 2021Monday, 10 May 2021, 23:15	6.1 MEDIUM	4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23373 ↗	May 10, 2021Monday, 10 May 2021, 23:15	5.4 MEDIUM	3.5 LOW
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23374 ↗	May 10, 2021Monday, 10 May 2021, 23:15	5.4 MEDIUM	3.5 LOW
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23376 ↗	May 10, 2021Monday, 10 May 2021, 23:15	6.1 MEDIUM	4.3 MEDIUM
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
CVE-2018-20062 ↗	Dec 11, 2018Tuesday, 11 December 2018, 18:29	9.8 CRITICAL	7.5 HIGH
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.