Teacmsproject Teacms
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Teacmsproject Teacms.
By the Year
In 2026 there have been 0 vulnerabilities in Teacmsproject Teacms. Last year, in 2025 Teacms had 1 security vulnerability published. Right now, Teacms is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 5 | 7.32 |
It may take a day or so for new Teacms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Teacmsproject Teacms Security Vulnerabilities
XiaoBingby TeaCMS 2.0.2 CSRF via UserManageController
CVE-2025-5033
- May 21, 2025
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Session Riding
TeaCMS XSS via Article Title Parameter
CVE-2023-27090
5.4 - Medium
- April 20, 2023
Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter.
XSS
XiaoBingby TeaCMS 2.3.3 Unauth Priv Esc via id/keywords (CVE-2023-27091)
CVE-2023-27091
7.2 - High
- April 04, 2023
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).
authentification
XiaoBingBy TeaCMS 2.0.2 ArticleTitleHandler XSS Remote
CVE-2023-1616
5.4 - Medium
- March 24, 2023
A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.
XSS
Critical SQLi in XiaoBingBy TeaCMS <=2.0.2 admin/getallarticleinfo
CVE-2023-1483
9.8 - Critical
- March 18, 2023
A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.
SQL Injection
Path Traversal in XiaoBingBy TeaCMS 2.0 /admin/upload
CVE-2023-1398
8.8 - High
- March 14, 2023
A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Teacmsproject Teacms or by Teacmsproject? Click the Watch button to subscribe.
