Skip to main content

Razorcms

8 CVEs product

Monthly

CVE-2018-19906 MEDIUM POC This Month

Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19905 MEDIUM POC This Month

HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-17986 HIGH POC This Week

rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Razorcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16727 MEDIUM POC This Month

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16726 MEDIUM POC This Month

razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2012-6038 MEDIUM POC PATCH This Month

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Razorcms
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.5%
CVE-2012-5918 MEDIUM POC This Month

razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Razorcms
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
2.2%
CVE-2012-1900 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Razorcms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Razorcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
EPSS 5% CVSS 6.5
MEDIUM POC PATCH This Month

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Razorcms
NVD Exploit-DB
EPSS 2% CVSS 4.0
MEDIUM POC This Month

razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Razorcms
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Razorcms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy