Skip to main content

Rpcms

7 CVEs product

Monthly

CVE-2023-50565 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41475 HIGH POC This Week

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41474 MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41473 MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-37394 HIGH POC This Week

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rpcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37393 MEDIUM POC This Month

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37392 MEDIUM POC This Month

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rpcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy