Skip to main content

Wolf Cms CVE-2018-6890

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-02-22 cve@mitre.org
4.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 22, 2018 - 19:29 nvd
MEDIUM 4.8

DescriptionNVD

Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. Affected products include: Wolfcms Wolf Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-6568 HIGH POC
8.8 Apr 14

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/

CVE-2015-6567 HIGH POC
8.8 Apr 14

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/

CVE-2012-1897 MEDIUM POC
6.8 Oct 01

Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack

CVE-2018-8814 MEDIUM POC
6.5 Apr 04

Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication

CVE-2019-10646 MEDIUM POC
6.1 Mar 30

Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). Rated medi

CVE-2017-11611 MEDIUM POC
5.4 Sep 08

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remo

CVE-2018-1000084 MEDIUM POC
5.4 Mar 13

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout

CVE-2018-14837 MEDIUM POC
4.8 Aug 10

Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. Rated medium severity (CV

CVE-2018-8813 MEDIUM POC
4.8 Apr 04

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attack

CVE-2018-1000087 MEDIUM POC
4.8 Mar 13

WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create New File" and "Create

CVE-2012-1898 MEDIUM POC
4.3 Oct 01

Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote

CVE-2018-15842 MEDIUM
4.8 Aug 25

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. Rated medium severity (CVSS 4.8), this vulnerability i

Share

CVE-2018-6890 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy