Skip to main content
CVE-2018-19340 MEDIUM POC This Month

Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Form Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19350 MEDIUM POC This Month

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-19324 MEDIUM POC This Month

kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rb
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-19329 MEDIUM POC This Month

GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Greencms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy