Skip to main content
CVE-2018-14955 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14954 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-14953 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14952 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14951 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14950 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14937 MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-14936 MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Title field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-14941 MEDIUM This Month

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nsg 9000
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy