漏洞描述
FineCMS低于5.0.10存在XSS漏洞,攻击者可以在受影响站点的上下文中,在用户的浏览器中注入任意脚本。这可能允许攻击者窃取基于cookie的身份验证凭据并发起其他攻击
FineCMS低于5.0.10存在XSS漏洞(CVE-2017-11629)
PoC代码
暂无相关漏洞推荐
-
CVE-2017-11586: FineCMS <5.0.9 - Open Redirect POC
2025-08-01 | FineCMSFineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An att... -
CVE-2017-11629: FineCMS <=5.0.10 - Cross-Site Scripting POC
2025-08-01 | FineCMSFineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the ... -
FineCMS down_file 模块允许远程文件下载 无POC
2023-03-23 | FineCMSFineCMS5.0.8及版本以下里面有一个down_file函数.可以从远程下载文件到本地服务器. -
CVE-2017-1000028: GlassFish LFI POC
2025-09-01 | GlassFishGlassFish是一款强健的商业兼容应用服务器,达到产品级质量,可免费用于开发、部署和重新分发。开发者可以免费获得源代码,还可以对代码进行更改。GlassFish漏洞成因:java语义中会把&quo... -
CVE-2017-1000486: Primetek Primefaces 5.x - Remote Code Execution POC
2025-09-01 | Primetek PrimefacesPrimetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.