Skip to main content
CVE-2018-16337 MEDIUM POC This Month

An issue was discovered in Cscms V4.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-16350 MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16349 MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16347 MEDIUM POC This Month

An issue was discovered in Gleez CMS v1.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gleez Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16330 MEDIUM POC This Month

Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16342 MEDIUM POC This Month

ShowDoc v1.8.0 has XSS via a new page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Showdoc
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16348 MEDIUM POC This Month

SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16346 MEDIUM POC This Month

ChemCMS 1.0.6 has XSS via the "setting -> website information" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chemcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16359 MEDIUM This Month

Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Gvisor
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-16336 MEDIUM This Month

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Exiv2 Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-16362 MEDIUM This Month

An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE PHP Source Integration
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-16358 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dotclear
NVD
CVSS 3.0
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy