Skip to main content
CVE-2018-19598 MEDIUM POC This Month

Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Statamic
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19597 MEDIUM POC This Month

CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-19508 MEDIUM POC This Month

CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19507 MEDIUM POC This Month

CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19506 MEDIUM POC This Month

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-11799 MEDIUM PATCH This Month

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Oozie
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-20298 MEDIUM This Month

S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE S3 Browser
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-17192 MEDIUM PATCH This Month

The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Nifi
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-17193 MEDIUM PATCH This Month

The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Nifi
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-16883 MEDIUM This Month

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sssd
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15798 MEDIUM PATCH This Month

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Concourse
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-19596 MEDIUM This Month

Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zurmo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy