Renzi

#12250of 53,632
22.3Total CVSS
Vulnerabilities · 4
Medium
4
PT-2020-13840
5.4
2020-06-24
Navigate · Navigate Cms · CVE-2020-14014
**Name of the Vulnerable Software and Affected Versions** Navigate CMS versions 2.8 through 2.9 r1433 **Description** An issue was discovered where the query parameter `fid` on the resource "navigate.php" does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS. **Recommendations** For Navigate CMS versions 2.8 through 2.9 r1433, consider validating and encoding the `fid` parameter in the "navigate.php" resource to prevent reflected XSS attacks. As a temporary workaround, restrict access to the "navigate.php" resource until a proper fix is applied.
PT-2018-14212
6.1
2018-10-01
Wuzhi · Wuzhi Cms · CVE-2018-17832
**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 2.0 **Description** A security issue exists due to the presence of XSS in the software. The issue is related to the `v` or `f` parameter in the "index.php" endpoint. **Recommendations** For WUZHI CMS version 2.0, consider restricting access to the vulnerable parameters `v` and `f` in the "index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-11007
5.4
2018-06-11
Dimofinf · Dimofinf Cms · CVE-2018-12094
**Name of the Vulnerable Software and Affected Versions** Dimofinf CMS version 3.0.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in the news.php file. **Recommendations** For Dimofinf CMS version 3.0.0, avoid using the `id` parameter in the news.php file until a fix is available. As a temporary workaround, consider restricting access to the news.php file to minimize the risk of exploitation.
PT-2018-11008
5.4
2018-06-11
Oecms · Oecms · CVE-2018-12095
**Name of the Vulnerable Software and Affected Versions** OEcms version 3.1 **Description** A Reflected Cross-Site Scripting issue has been found in the web-application, specifically located in the `mod` parameter of the "info.php" endpoint. **Recommendations** For OEcms version 3.1, consider restricting access to the `mod` parameter in the "info.php" endpoint until a patch is available.