Cmseasy
CVE-2018-11680
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
AnalysisAI
An issue was discovered in CmsEasy 6.1_20180508. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. Affected products include: Cmseasy.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
A vulnerability was found in CmsEasy up to 7.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admi
An issue was discovered in CmsEasy 6.1_20180508. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the
CMSeasy 7.7.7.9 is vulnerable to code execution. Rated medium severity (CVSS 6.4). Public exploit code available and no
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. Rated medium severity (CVSS 6.1), this vulnerabili
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Rated medium severity (CVSS 5.3), this
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), th
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnera
cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CV
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. Rated medium severity (CVSS 4.3), this vulnerability is remote
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today