Victor Cms
CVE-2018-16775
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.
AnalysisAI
An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. Affected products include: Victor Cms Project Victor Cms. Version information: through 2018.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Victor Cms
View allVictor CMS v1.0 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulner
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload t
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. Rated
Victor Cms versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Victor Cms versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?se
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Rated high severity
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. Rated high sev
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows a
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. Rated medium severi
An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 6.1), this vulnerability is remote
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today