Skip to main content
CVE-2018-1042 MEDIUM POC PATCH THREAT This Month

Moodle 3.x has Server Side Request Forgery in the filepicker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Moodle
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
15.6%
CVE-2018-6002 MEDIUM POC This Month

The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Soundy Background Music
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6001 MEDIUM POC This Month

The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Soundy Audio Playlist
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-5962 MEDIUM POC This Month

index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-5961 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-1043 MEDIUM PATCH This Month

In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1045 MEDIUM PATCH This Month

In Moodle 3.x, there is XSS via a calendar event name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Moodle
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1044 MEDIUM PATCH This Month

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy