Skip to main content
CVE-2018-5233 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Grav Cms
NVD
CVSS 3.0
6.1
EPSS
3.4%
CVE-2018-8732 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wampserver
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-1196 MEDIUM PATCH This Month

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Boot
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-6842 MEDIUM This Month

Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xperience
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy