Tianti_project Tianti
10 CVEs affecting Tianti_project Tianti. Latest disclosed: 2025-09-01. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-25907 | High | 8.8 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arb… |
| CVE-2018-19109 | High | 8.8 | 2018-11-08 | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the co… |
| CVE-2025-27910 | High | 8.0 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execu… |
| CVE-2018-19110 | Medium | 6.5 | 2018-11-08 | The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/ski… |
| CVE-2025-9795 | Medium | 6.3 | 2025-09-01 | A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/con… |
| CVE-2025-8807 | Medium | 6.3 | 2025-08-10 | A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-a… |
| CVE-2025-25908 | Medium | 5.4 | 2025-03-10 | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into… |
| CVE-2018-19091 | Medium | 5.4 | 2018-11-07 | tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. |
| CVE-2018-19090 | Medium | 5.4 | 2018-11-07 | tianti 2.3 has stored XSS in the article management module via an article title. |
| CVE-2018-19089 | Medium | 5.4 | 2018-11-07 | tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src… |