|
247961
|
6.1 |
MEDIUM
Network
|
iscripts
|
eswap
|
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10135
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247962
|
9.8 |
CRITICAL
Network
|
pbootcms
|
pbootcms
|
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
|
CWE-94
Code Injection
|
CVE-2018-10133
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247963
|
8.8 |
HIGH
Network
|
pbootcms
|
pbootcms
|
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
|
CWE-352
Origin Validation Error
|
CVE-2018-10132
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247964
|
6.1 |
MEDIUM
Network
|
xyhcms_project
|
xyhcms
|
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10128
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247965
|
8.8 |
HIGH
Network
|
xyhcms_project
|
xyhcms
|
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
|
CWE-352
Origin Validation Error
|
CVE-2018-10127
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247966
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10124
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247967
|
7.5 |
HIGH
Network
|
chanzhi
|
chanzhi
|
QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/fi…
|
CWE-22
Path Traversal
|
CVE-2018-10122
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247968
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10121
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247969
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10118
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247970
|
8.8 |
HIGH
Network
|
icmsdev
|
icms
|
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
|
CWE-352
Origin Validation Error
|
CVE-2018-10117
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
