Chemcms
Monthly
ChemCMS 1.0.6 has XSS via the "setting -> website information" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ChemCMS 1.0.6 has XSS via the "setting -> website information" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.