Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by xjd2020
CVE-2026-26682 (GCVE-0-2026-26682)
Vulnerability from cvelistv5 – Published: 2026-02-26 00:00 – Updated: 2026-02-26 18:53
VLAI
Summary
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-26682",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T18:52:24.335722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:53:00.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:53:42.684Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sorzs/test/tree/main/fastcms-rce"
},
{
"url": "https://gist.github.com/sorzs/e3913b814e2e5548aa66de6c25b0510a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-26682",
"datePublished": "2026-02-26T00:00:00.000Z",
"dateReserved": "2026-02-16T00:00:00.000Z",
"dateUpdated": "2026-02-26T18:53:00.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2593 (GCVE-0-2025-2593)
Vulnerability from cvelistv5 – Published: 2025-03-21 14:31 – Updated: 2025-03-21 15:19
VLAI
Title
FastCMS list sql injection
Summary
A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.300577 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.300577 | signaturepermissions-required |
| https://vuldb.com/?submit.517926 | third-party-advisory |
| https://github.com/IceFoxH/VULN/issues/9 | issue-tracking |
| https://github.com/IceFoxH/VULN/issues/8 | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2593",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T15:18:57.663161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T15:19:01.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/IceFoxH/VULN/issues/9"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/IceFoxH/VULN/issues/8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "icefoxh (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In FastCMS bis 0.1.5 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /api/client/article/list. Mit der Manipulation des Arguments orderBy mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:31:04.784Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300577 | FastCMS list sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300577"
},
{
"name": "VDB-300577 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300577"
},
{
"name": "Submit #517926 | fastcms v0.1.5 SQL injection vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.517926"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/IceFoxH/VULN/issues/9"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/IceFoxH/VULN/issues/8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-21T08:23:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "FastCMS list sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2593",
"datePublished": "2025-03-21T14:31:04.784Z",
"dateReserved": "2025-03-21T07:18:06.579Z",
"dateUpdated": "2025-03-21T15:19:01.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1332 (GCVE-0-2025-1332)
Vulnerability from cvelistv5 – Published: 2025-02-16 00:31 – Updated: 2025-02-18 21:31
VLAI
Title
FastCMS Template Menu menu cross site scripting
Summary
A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html#/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.295942 | vdb-entry |
| https://vuldb.com/?ctiid.295942 | signaturepermissions-required |
| https://gitee.com/xjd2020/fastcms/issues/IBKJ1W | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T21:31:38.092487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:31:50.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Template Menu"
],
"product": "FastCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html#/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
},
{
"lang": "de",
"value": "In FastCMS bis 0.1.5 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /fastcms.html#/template/menu der Komponente Template Menu. Durch das Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-16T00:31:08.897Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295942 | FastCMS Template Menu menu cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.295942"
},
{
"name": "VDB-295942 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295942"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/xjd2020/fastcms/issues/IBKJ1W"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-15T09:57:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "FastCMS Template Menu menu cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1332",
"datePublished": "2025-02-16T00:31:08.897Z",
"dateReserved": "2025-02-15T08:52:39.721Z",
"dateUpdated": "2025-02-18T21:31:50.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7733 (GCVE-0-2024-7733)
Vulnerability from cvelistv5 – Published: 2024-08-13 18:00 – Updated: 2024-08-13 18:44
VLAI
Title
FastCMS New Article Category Page cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.274350 | vdb-entry |
| https://vuldb.com/?ctiid.274350 | signaturepermissions-required |
| https://gitee.com/xjd2020/fastcms/issues/IAI8T6 | exploitissue-tracking |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | FastCMS |
Affected:
0.1.0
Affected: 0.1.1 Affected: 0.1.2 Affected: 0.1.3 Affected: 0.1.4 Affected: 0.1.5 |
|
| fastcms_project | fastcms |
Affected:
0.1.0
cpe:2.3:a:fastcms_project:fastcms:0.1.0:*:*:*:*:*:*:* |
|
| fastcms_project | fastcms |
Affected:
0.1.1
cpe:2.3:a:fastcms_project:fastcms:0.1.1:*:*:*:*:*:*:* |
|
| fastcms_project | fastcms |
Affected:
0.1.2
cpe:2.3:a:fastcms_project:fastcms:0.1.2:*:*:*:*:*:*:* |
|
| fastcms_project | fastcms |
Affected:
0.1.3
cpe:2.3:a:fastcms_project:fastcms:0.1.3:*:*:*:*:*:*:* |
|
| fastcms_project | fastcms |
Affected:
0.1.4
cpe:2.3:a:fastcms_project:fastcms:0.1.4:*:*:*:*:*:*:* |
|
| fastcms_project | fastcms |
Affected:
0.1.5
cpe:2.3:a:fastcms_project:fastcms:0.1.5:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fastcms_project:fastcms:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastcms",
"vendor": "fastcms_project",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fastcms_project:fastcms:0.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastcms",
"vendor": "fastcms_project",
"versions": [
{
"status": "affected",
"version": "0.1.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:fastcms_project:fastcms:0.1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastcms",
"vendor": "fastcms_project",
"versions": [
{
"status": "affected",
"version": "0.1.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:fastcms_project:fastcms:0.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastcms",
"vendor": "fastcms_project",
"versions": [
{
"status": "affected",
"version": "0.1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:fastcms_project:fastcms:0.1.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastcms",
"vendor": "fastcms_project",
"versions": [
{
"status": "affected",
"version": "0.1.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:fastcms_project:fastcms:0.1.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastcms",
"vendor": "fastcms_project",
"versions": [
{
"status": "affected",
"version": "0.1.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:41:14.891674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:44:31.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"New Article Category Page"
],
"product": "FastCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in FastCMS bis 0.1.5 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente New Article Category Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:00:11.066Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274350 | FastCMS New Article Category Page cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.274350"
},
{
"name": "VDB-274350 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274350"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/xjd2020/fastcms/issues/IAI8T6"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-13T14:50:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "FastCMS New Article Category Page cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7733",
"datePublished": "2024-08-13T18:00:11.066Z",
"dateReserved": "2024-08-13T12:45:18.026Z",
"dateUpdated": "2024-08-13T18:44:31.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1111 (GCVE-0-2023-1111)
Vulnerability from cvelistv5 – Published: 2024-05-24 06:31 – Updated: 2024-08-02 05:32
VLAI
Title
FastCMS New Article Tab cross site scripting
Summary
A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.266126 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.266126 | signaturepermissions-required |
| https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:25:47.824795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:42.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-266126 | FastCMS New Article Tab cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.266126"
},
{
"name": "VDB-266126 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.266126"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"New Article Tab"
],
"product": "FastCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in FastCMS bis 0.1.5 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente New Article Tab. Durch die Manipulation des Arguments Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-24T06:31:07.931Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-266126 | FastCMS New Article Tab cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.266126"
},
{
"name": "VDB-266126 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.266126"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-24T08:25:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "FastCMS New Article Tab cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1111",
"datePublished": "2024-05-24T06:31:07.931Z",
"dateReserved": "2023-03-01T09:53:59.374Z",
"dateUpdated": "2024-08-02T05:32:46.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1191 (GCVE-0-2023-1191)
Vulnerability from cvelistv5 – Published: 2023-03-06 07:21 – Updated: 2024-08-02 05:40
VLAI
Title
fastcms ZIP File TemplateController.java path traversal
Summary
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363.
Severity
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.222363 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.222363 | signaturepermissions-required |
| https://github.com/my-fastcms/fastcms/issues/1 | issue-tracking |
| https://github.com/ha1yuYiqiyinHangzhouTechn0logy… | exploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.222363"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.222363"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/my-fastcms/fastcms/issues/1"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/ha1yuYiqiyinHangzhouTechn0logy/fastcms/blob/main/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"ZIP File Handler"
],
"product": "fastcms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "ha1yuYiqiyinHangzhouTechn0logy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in fastcms entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei admin/TemplateController.java der Komponente ZIP File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T07:39:19.257Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.222363"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.222363"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/my-fastcms/fastcms/issues/1"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ha1yuYiqiyinHangzhouTechn0logy/fastcms/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-06T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-31T17:39:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "fastcms ZIP File TemplateController.java path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1191",
"datePublished": "2023-03-06T07:21:45.248Z",
"dateReserved": "2023-03-06T07:21:24.612Z",
"dateUpdated": "2024-08-02T05:40:58.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4300 (GCVE-0-2022-4300)
Vulnerability from cvelistv5 – Published: 2022-12-06 00:00 – Updated: 2025-04-15 13:08
VLAI
Title
FastCMS Template edit injection
Summary
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-707 - Improper Neutralization -> CWE-74 Injection
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | FastCMS |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Ha0Liu/cveAdd/blob/developer/fastcms%E6%A8%A1%E7%89%88%E6%B3%A8%E5%85%A5/fastcms%20template%20injection%20vulnerability.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.214901"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4300",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:42.780182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:08:28.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastCMS",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/Ha0Liu/cveAdd/blob/developer/fastcms%E6%A8%A1%E7%89%88%E6%B3%A8%E5%85%A5/fastcms%20template%20injection%20vulnerability.md"
},
{
"url": "https://vuldb.com/?id.214901"
}
],
"title": "FastCMS Template edit injection",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4300",
"datePublished": "2022-12-06T00:00:00.000Z",
"dateReserved": "2022-12-06T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:08:28.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}