|
248761
|
6.1 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
|
CWE-79
Cross-site Scripting
|
CVE-2018-11473
|
2024-11-21 12:43 |
2018-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248762
|
6.1 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
|
CWE-79
Cross-site Scripting
|
CVE-2018-11472
|
2024-11-21 12:43 |
2018-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248763
|
5.4 |
MEDIUM
Network
|
getcockpit
|
cockpit
|
Cockpit 0.5.5 has XSS via a collection, form, or region.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11471
|
2024-11-21 12:43 |
2018-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248764
|
8.8 |
HIGH
Network
|
iscripts
|
eswap
|
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
|
CWE-89
SQL Injection
|
CVE-2018-11470
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248765
|
5.9 |
MEDIUM
Network
|
haproxy
canonical
|
haproxy
ubuntu_linux
|
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticate…
|
CWE-200
Information Exposure
|
CVE-2018-11469
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248766
|
5.5 |
MEDIUM
Local
|
discount_project
debian
|
discount
debian_linux
|
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by m…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11468
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248767
|
8.8 |
HIGH
Network
|
easyservice_billing_project
|
easyservice_billing
|
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
|
CWE-352
Origin Validation Error
|
CVE-2018-11445
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248768
|
9.8 |
CRITICAL
Network
|
easyservice_billing_project
|
easyservice_billing
|
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
|
CWE-89
SQL Injection
|
CVE-2018-11444
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248769
|
6.1 |
MEDIUM
Network
|
easyservice_billing_project
|
easyservice_billing
|
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11443
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248770
|
8.8 |
HIGH
Network
|
easyservice_billing_project
|
easyservice_billing
|
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
|
CWE-352
Origin Validation Error
|
CVE-2018-11442
|
2024-11-21 12:43 |
2018-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
