Vulnerabilities (CVE)

Filtered by vendor Qibosoft Subscribe
Filtered by product Qibocms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27037 1 Qibosoft 1 Qibocms 2023-12-10 N/A 8.8 HIGH
Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php
CVE-2020-18022 1 Qibosoft 1 Qibocms 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.