Security Vulnerabilities - CVEs Published In 2018
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-12-19
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-12-19
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-12-19
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-12-19
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-12-19
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-12-19
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1: lack of proper validation of user-supplied input may allow an attacker to cause the overflow of a buffer on the stack.
CVSS Score: 7.3; EPSS Score: 0.005; Published: 2018-12-19
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.
CVSS Score: 6.5; EPSS Score: 0.005; Published: 2018-12-19
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution.
CVSS Score: 9.8; EPSS Score: 0.072; Published: 2018-12-19
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution.
CVSS Score: 9.8; EPSS Score: 0.156; Published: 2018-12-19

