Skip to main content

Hongcms CVE-2018-10422

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-04-26 cve@mitre.org
4.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 26, 2018 - 05:29 nvd
MEDIUM 4.8

DescriptionNVD

An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.

AnalysisAI

An issue was discovered in HongCMS 3.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. Affected products include: Hongcms Project Hongcms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-28523 HIGH POC
8.1 Apr 26

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high

CVE-2018-16774 HIGH POC
7.5 Sep 10

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=del

CVE-2022-32412 HIGH POC
7.2 Jul 01

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), t

CVE-2022-32411 HIGH POC
7.2 Jul 01

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this

CVE-2018-13021 HIGH POC
7.2 Jun 29

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, lo

CVE-2018-12912 HIGH POC
7.2 Jun 27

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnera

CVE-2019-16867 MEDIUM POC
6.5 Sep 25

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=del

CVE-2019-8407 MEDIUM POC
6.5 Feb 17

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php

CVE-2019-17611 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerabil

CVE-2019-17610 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerabili

CVE-2019-17609 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerabili

CVE-2019-17608 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability i

Share

CVE-2018-10422 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy