Lucene search

Skycaiji Security Vulnerabilities

cve

CVE-2018-11371

SkyCaiji 1.2 allows CSRF to add an Administrator user.

8.8CVSS

8.6AI Score

0.001EPSS

2018-05-22 04:29 PM

cve

CVE-2020-18878

Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.

5.3CVSS

5AI Score

0.003EPSS

2021-08-20 02:15 PM

cve

CVE-2022-28096

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.

7.2CVSS

7.4AI Score

0.003EPSS

2022-05-04 01:15 PM

cve

CVE-2022-44351

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.

9.8CVSS

9.5AI Score

0.002EPSS

2022-12-07 07:15 PM

cve

CVE-2023-33394

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.

5.4CVSS

5.2AI Score

0.001EPSS

2023-05-26 03:15 PM

cve

CVE-2024-39241

Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.

6.1CVSS

6AI Score

0.0005EPSS

2024-06-26 08:15 PM

cve

CVE-2024-39242

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).

6.1CVSS

5.6AI Score

0.0005EPSS

2024-06-26 08:15 PM

cve

CVE-2024-6252

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The explo...

6.1CVSS

3.5AI Score

0.001EPSS

2024-06-22 12:15 PM