Security Vulnerabilities - CVEs Published In August 2018
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-20
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-20
CMSUno before 1.5.3 has XSS via the title field.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-20
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-20
my little forum 2.4.12 allows CSRF for deletion of users.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-08-20
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.
CVSS Score
8.8
EPSS Score
0.06
Published
2018-08-20
The editor in Xiuno BBS 4.0.4 allows stored XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-20
PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-08-20