Skip to main content
CVE-2018-17113 MEDIUM POC This Month

App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-17140 MEDIUM POC This Month

The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Quizlord
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17138 MEDIUM POC This Month

The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jibu Pro
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17130 MEDIUM POC This Month

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-17128 MEDIUM POC THREAT This Month

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mybb
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
74.8%
CVE-2018-17129 MEDIUM POC This Month

MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.0
4.9
EPSS
0.9%
CVE-2018-14320 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Podofo
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-14631 MEDIUM PATCH This Month

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-8041 MEDIUM PATCH This Month

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Camel
NVD
CVSS 3.0
5.3
EPSS
9.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy