CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13865

An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/idreamsoft/iCMS/issues/27
https://github.com/idreamsoft/iCMS/issues/27

Products affected by CVE-2018-13865

Idreamsoft » Icms » Version: 7.0.9

cpe:2.3:a:idreamsoft:icms:7.0.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13865

Products

Pricing

Contact Us