Security Vulnerabilities - CVEs Published In 2017
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2017-12-27
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2017-12-27
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2017-12-27
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2017-12-27
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-12-27
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2017-12-27
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2017-12-27
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-12-27
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
CVSS Score: 8.8
EPSS Score: 0.009
Published: 2017-12-27
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2017-12-27


Shodan ® - All rights reserved