Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

nodcms

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2016-20054
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.42%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 19:59
Updated-14 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nodcms Cross Site Request Forgery via admin endpoints

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.

Action-Not Available
Vendor-nodcmsnodcms
Product-nodcmsnodCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3641
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.53%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 16:31
Updated-02 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
khodakhah NodCMS POST Request blog-comment-4 cross site scripting

A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.

Action-Not Available
Vendor-nodcmskhodakhah
Product-nodcmsNodCMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-20697
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.04%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 00:00
Updated-10 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter.

Action-Not Available
Vendor-nodcmsn/a
Product-nodcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')