Skip to main content

Twcms

2 CVEs product

Monthly

CVE-2024-37878 MEDIUM This Month

Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS Twcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31574 MEDIUM POC This Month

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Twcms
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC This Month

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Twcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy