ByteOS Network

QianFox

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-9609

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.1||MEDIUM

EPSS-Not Assigned

Published-27 May, 2026 | 00:30

Updated-27 May, 2026 | 02:16

QianFox FoxCMS Admin.php edit password recovery

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Vendor-QianFox

Product-FoxCMS

CWE ID-CWE-640

Weak Password Recovery Mechanism for Forgotten Password

CVE-2026-9608

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-Not Assigned

Published-27 May, 2026 | 00:15

Updated-27 May, 2026 | 02:16

QianFox FoxCMS Administrator Backend edit cross site scripting

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Vendor-QianFox

Product-FoxCMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')