Tianti_project Tianti

10 CVEs affecting Tianti_project Tianti. Latest disclosed: 2025-09-01. Critical: 0, High: 3.

Top CVEs affecting Tianti_project Tianti
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-25907 | High | 8.8 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arb… |
| CVE-2018-19109 | High | 8.8 | 2018-11-08 | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the co… |
| CVE-2025-27910 | High | 8.0 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execu… |
| CVE-2018-19110 | Medium | 6.5 | 2018-11-08 | The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/ski… |
| CVE-2025-9795 | Medium | 6.3 | 2025-09-01 | A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/con… |
| CVE-2025-8807 | Medium | 6.3 | 2025-08-10 | A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-a… |
| CVE-2025-25908 | Medium | 5.4 | 2025-03-10 | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into… |
| CVE-2018-19091 | Medium | 5.4 | 2018-11-07 | tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. |
| CVE-2018-19090 | Medium | 5.4 | 2018-11-07 | tianti 2.3 has stored XSS in the article management module via an article title. |
| CVE-2018-19089 | Medium | 5.4 | 2018-11-07 | tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src… |