This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Product: LightCMS | |
CVE: CVE-2021-3355 | |
Version: v1.3.4 | |
Vulnerability: Stored Cross-Site Scripting | |
Vulnerability Description: LightCMS v1.3.4 allowing an attacker to execute HTML or JavaScript code via "exclusive" parameter at `/admin/SensitiveWords` page. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Product: S-CMS | |
CVE: CVE-2020-20698 | |
Version: PHP enterprise edition v3.0 | |
Vulnerability: Remote Code Execution | |
Vulnerability Description: A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Product: S-CMS | |
CVE: CVE-2020-20699 | |
Version: PHP enterprise edition v3.0 | |
Vulnerability: Stored Cross-Site Scripting | |
Vulnerability Description: A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Product: S-CMS | |
CVE: CVE-2020-20700 | |
Version: PHP enterprise edition v3.0 | |
Vulnerability: Stored Cross-Site Scripting | |
Vulnerability Description: A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Product: S-CMS | |
CVE: CVE-2020-20701 | |
Version: PHP enterprise edition v3.0 | |
Vulnerability: Stored Cross-Site Scripting | |
Vulnerability Description: A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import base64 | |
import re | |
import xml.dom.minidom | |
import json | |
import uuid | |
import struct | |
import string | |
import random | |
import hashlib | |
import time |