Razorcms
Monthly
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.