Skip to main content
CVE-2018-12971 MEDIUM POC This Month

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-13001 MEDIUM POC This Month

An XSS issue was discovered in Sandoba CP:Shop v2016.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cp
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12998 MEDIUM POC THREAT This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
6.1
EPSS
98.5%
CVE-2018-12996 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Applications Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-12982 MEDIUM POC This Month

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-13002 MEDIUM POC This Month

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Core Grid
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-13000 MEDIUM POC This Month

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Advanced Electron Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-12992 MEDIUM POC This Month

An issue was discovered CMS MaeloStore V.1.5.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maelostore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-8902 MEDIUM This Month

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Avalanche
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-13003 MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12973 MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13025 MEDIUM This Month

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Yxcms
NVD GitHub
CVSS 3.0
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy