CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-17361

Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/alterebro/WeaselCMS/issues/7
https://github.com/alterebro/WeaselCMS/issues/7

Products affected by CVE-2018-17361

Weaselcms Project » Weaselcms » Version: 0.3.6

cpe:2.3:a:weaselcms_project:weaselcms:0.3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-17361

Products

Pricing

Contact Us