CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11398

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.046

EPSS Ranking 88.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/153219/UliCMS-2019.1-Cross-Site-Scripting.html
https://en.ulicms.de/
https://www.exploit-db.com/exploits/46741/
http://packetstormsecurity.com/files/153219/UliCMS-2019.1-Cross-Site-Scripting.html
https://en.ulicms.de/
https://www.exploit-db.com/exploits/46741/

Products affected by CVE-2019-11398

Ulicms » Ulicms » Version: 2019.1

cpe:2.3:a:ulicms:ulicms:2019.1
Ulicms » Ulicms » Version: 2019.2

cpe:2.3:a:ulicms:ulicms:2019.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11398

Products

Pricing

Contact Us