Skip to main content
CVE-2018-18291 MEDIUM POC This Month

A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt Ac58U Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-18287 MEDIUM POC This Month

On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rt Ac58U Firmware
NVD GitHub
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-18289 HIGH This Week

The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zabbix Atlassian Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18290 MEDIUM This Month

An issue was discovered in nc-cms through 2017-03-10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nc Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy