Security Vulnerabilities - CVEs Published In September 2018
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
ChemCMS 1.0.6 has XSS via the "setting -> website information" field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-02
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-02
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-02
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-02
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-02
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-02
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
ShowDoc v1.8.0 has XSS via a new page.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-02