Skip to main content
CVE-2018-6806 MEDIUM POC This Month

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marked 2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2018-6824 MEDIUM POC This Month

Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cozy
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6796 MEDIUM POC This Month

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Multilanguage Real Estate Mlm Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6795 MEDIUM POC This Month

PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Naukri Clone Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6655 MEDIUM POC This Month

PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Doctor Search Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6794 MEDIUM POC PATCH THREAT This Month

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Suricata Debian Linux
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
24.7%
CVE-2018-6791 MEDIUM This Month

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Plasma Workspace Debian Linux
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2018-6603 MEDIUM This Month

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webpam Proe
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1382 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6790 MEDIUM This Month

An issue was discovered in KDE Plasma Workspace before 5.12.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plasma Workspace
NVD
CVSS 3.0
5.3
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy