Skip to main content
CVE-2018-19904 MEDIUM POC This Month

Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xsltcms Org
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-19903 MEDIUM POC This Month

Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xsltcms Org
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20623 MEDIUM POC This Month

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Binutils
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2018-19918 MEDIUM POC This Month

CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19906 MEDIUM POC This Month

Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19905 MEDIUM POC This Month

HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19845 MEDIUM POC This Month

There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19902 MEDIUM POC This Month

No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS No Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19901 MEDIUM POC This Month

No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS No Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19844 MEDIUM POC This Month

FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19937 MEDIUM PATCH This Month

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apple Vlc For Mobile
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2018-20622 MEDIUM This Month

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jasper Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-6341 MEDIUM PATCH This Month

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS React
NVD
CVSS 3.1
6.1
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy