Security Vulnerabilities - CVEs Published In September 2018
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-09-01

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2018-09-01

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-09-01

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
CVSS Score: 6.5 | EPSS Score: 0.875 | Published: 2018-09-01

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2018-09-01

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVSS Score: 8.6 | EPSS Score: 0.006 | Published: 2018-09-01

Bludit 2.3.4 allows XSS via a user name.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-09-01

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-09-01

In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2018-09-01

A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-09-01



Shodan ® - All rights reserved