Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41472 | 1 74cmsse | 1 74cmsse | 2022-10-18 | N/A | 5.4 MEDIUM |
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
CVE-2022-41471 | 1 74cmsse | 1 74cmsse | 2022-10-18 | N/A | 6.5 MEDIUM |
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. |