Security Vulnerabilities
- CVEs Published In 2018
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, versions 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information.
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter.
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field.
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field.
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.