CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16233
https://notcve.org/view.php?id=CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. MiniCMS V1.10 tiene Cross-Site Scripting (XSS) mediante el parámetro tags en mc-admin/post-edit.php. • https://github.com/bg5sbk/MiniCMS/issues/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15899
https://notcve.org/view.php?id=CVE-2018-15899
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. Se ha descubierto un problema en MiniCMS 1.10. Hay una vulnerabilidad de Cross-Site Scripting (XSS) en post.php? • https://github.com/bg5sbk/MiniCMS/issues/21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000638
https://notcve.org/view.php?id=CVE-2018-1000638
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection. MiniCMS, en su versión 6.0.1,1, contiene una vulnerabilidad Cross Site Scripting (XSS) en lhttp://example.org/mc-admin/page.php?date={payload} que puede resultar en la inyección de código. • https://github.com/bg5sbk/MiniCMS/issues/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10424
https://notcve.org/view.php?id=CVE-2018-10424
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field. mc-admin/post-edit.php en MiniCMS 1.10 permite la revelación de ruta completa mediante un campo id modificado. • https://github.com/bg5sbk/MiniCMS/issues/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10423
https://notcve.org/view.php?id=CVE-2018-10423
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. mc-admin/post.php en MiniCMS 1.10 permite que atacantes remotos obtengan una lista de directorios del directorio de nivel más alto de la raíz web mediante un enlace que se vuelve disponible tras publicar un artículo. • https://github.com/bg5sbk/MiniCMS/issues/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •