MidnightBSD

Advisories for razorcms

CVE-2010-5051 MEDIUM

Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
razorcms razorcms 1.0

CVE-2012-5918 MEDIUM

razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
razorcms razorcms 1.2

CVE-2012-6038 MEDIUM

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
razorcms razorcms 1.0
razorcms razorcms *
razorcms razorcms 0.4
razorcms razorcms 1.1
razorcms razorcms 0.2
razorcms razorcms 0.3

CVE-2018-16726 LOW

razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
razorcms razorcms 3.4.7

CVE-2018-16727 LOW

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
razorcms razorcms 3.4.7

CVE-2018-17986 MEDIUM

rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
razorcms razorcms 3.4.8

CVE-2018-19905 LOW

HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
razorcms razorcms 3.4.8

CVE-2018-19906 LOW

Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
razorcms razorcms 3.4.8