|
246811
|
4.8 |
MEDIUM
Network
|
ultimatemember
|
user_profile_\&_membership
|
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_opti…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10234
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246812
|
8.8 |
HIGH
Network
|
ultimatemember
|
user_profile_\&_membership
|
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
|
CWE-352
Origin Validation Error
|
CVE-2018-10233
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246813
|
7.5 |
HIGH
Network
|
beauty
|
beauty_ecosystem_coin
|
An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attacke…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-10299
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246814
|
5.4 |
MEDIUM
Network
|
discuz
|
discuzx
|
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10298
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246815
|
5.4 |
MEDIUM
Network
|
discuz
|
discuzx
|
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10297
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246816
|
6.1 |
MEDIUM
Network
|
1234n
|
minicms
|
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10296
|
2024-11-21 12:41 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246817
|
8.8 |
HIGH
Network
|
chemcms_project
|
chemcms
|
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.
|
CWE-352
Origin Validation Error
|
CVE-2018-10295
|
2024-11-21 12:41 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246818
|
8.8 |
HIGH
Network
|
ericssonlg
|
ipecs_nms
|
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certa…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-10286
|
2024-11-21 12:41 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246819
|
9.8 |
CRITICAL
Network
|
ericssonlg
|
ipecs_nms
|
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10285
|
2024-11-21 12:41 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246820
|
5.5 |
MEDIUM
Local
|
artifex
debian
|
mupdf
debian_linux
|
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pd…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-10289
|
2024-11-21 12:41 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
