Skip to main content
CVE-2018-7278 MEDIUM POC This Month

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fds Pc Firmware Fds Pc Dp Firmware
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7277 MEDIUM POC This Month

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wi Mgr Firmware Fds Wi Firmware
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7273 MEDIUM POC This Month

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-6936 MEDIUM POC This Month

Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M C1 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-7303 MEDIUM POC This Month

The Calendar component in Tiki 17.1 allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7302 MEDIUM POC This Month

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tiki
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-7260 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-7305 MEDIUM POC This Month

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mybb
NVD
CVSS 3.0
4.9
EPSS
0.4%
CVE-2018-7272 MEDIUM This Month

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Access Management
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-7280 MEDIUM This Month

The Ninja Forms plugin before 3.2.14 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ninja Forms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7274 MEDIUM PATCH This Month

Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quarx Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-7261 MEDIUM This Month

There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Radiant Cms
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy