CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18868
https://notcve.org/view.php?id=CVE-2018-18868
31 Oct 2018 — No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. No-CMS 1.1.3 es propenso a Cross-Site Scripting (XSS) persistente mediante un parámetro contact_us name, tal y como queda demostrado con el parámetro VG48Z5PqVWname. • https://github.com/s-kustm/Subodh/blob/master/CVE-2018-18868.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17852
https://notcve.org/view.php?id=CVE-2018-17852
01 Oct 2018 — A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. Se ha descubierto una inyección SQL en WUZHI CMS 4.1.0 en coreframe/app/coupon/admin/card.php mediante el parámetro groupname en el URI /index.php?m=couponf=cardv=detail_listing. • https://github.com/wuzhicms/wuzhicms/issues/155 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17410
https://notcve.org/view.php?id=CVE-2018-17410
26 Sep 2018 — Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. Horus CMS permite la inyección SQL, tal y como queda demostrado con una petición en los URI /busca o /home. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150531 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 3CVE-2018-17391 – Super Cms Blog Pro 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-17391
25 Sep 2018 — SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Existe una inyección SQL en authors_post.php en Super Cms Blog Pro 1.0 mediante el parámetro author. Super Cms Blog Pro version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/149519 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17045
https://notcve.org/view.php?id=CVE-2018-17045
14 Sep 2018 — An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. Se ha descubierto un problema en CMS MaeloStore V.1.5.0. Hay una vulnerabilidad CSRF que puede cambiar la contraseña del administrador mediante admin modul users aksi_users.php? • https://github.com/maelosoki/MaeloStore/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16775
https://notcve.org/view.php?id=CVE-2018-16775
10 Sep 2018 — An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. Se ha descubierto un problema en Victor CMS hasta el 10/05/2018. Hay Cross-Site Scripting (XSS) mediante el nombre del sitio en el menú "Categories". • https://github.com/VictorAlagwu/CMSsite/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16780
https://notcve.org/view.php?id=CVE-2018-16780
10 Sep 2018 — Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. Complete Responsive CMS Blog hasta el 20/05/2018 tiene Cross-Site Scripting (XSS) mediante un comentario. • https://github.com/dusaurabh/PHP/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16373
https://notcve.org/view.php?id=CVE-2018-16373
03 Sep 2018 — Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. Frog CMS 0.9.5 tiene una vulnerabilidad de subida que puede crear archivos mediante /admin/?/plugin/file_manager/save. • https://github.com/snappyJack/CVE-2018-16373 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16374
https://notcve.org/view.php?id=CVE-2018-16374
03 Sep 2018 — Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) persistente mediante /admin/?/plugin/comment/settings. • https://github.com/philippe/FrogCMS/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16349
https://notcve.org/view.php?id=CVE-2018-16349
02 Sep 2018 — WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. WUZHI CMS 4.1.0 tiene Cross-Site Scripting (XSS) mediante el parámetro form[remark] en index.php?m=linkf=indexv=add. • https://github.com/wuzhicms/wuzhicms/issues/147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •