Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2018
CVE-2018-18938
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-05
CVE-2018-18939
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-05
CVE-2018-18942
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
CVSS Score
7.2
EPSS Score
0.025
Published
2018-11-05
CVE-2018-18943
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-11-05
CVE-2018-18949
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
CVSS Score
9.8
EPSS Score
0.128
Published
2018-11-05
CVE-2018-18950
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-05
CVE-2018-18952
JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.
CVSS Score
4.8
EPSS Score
0.001
Published
2018-11-05
CVE-2018-18928
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
CVSS Score
9.8
EPSS Score
0.028
Published
2018-11-04
CVE-2018-18919
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area.
CVSS Score
4.8
EPSS Score
0.005
Published
2018-11-04
CVE-2018-18924
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
CVSS Score
8.8
EPSS Score
0.034
Published
2018-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved