ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| chemcms_project | chemcms | 1.0.6 |
ChemCMS 1.0.6 has XSS via the "setting -> website information" field.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| chemcms_project | chemcms | 1.0.6 |