Vulnerabilities (CVE)

Filtered by vendor Nconsulting Subscribe

Filtered by product Nc-cms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-18290	1 Nconsulting	1 Nc-cms	2018-12-04	3.5 LOW	4.8 MEDIUM
DISPUTED An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality.
CVE-2018-18361	1 Nconsulting	1 Nc-cms	2018-12-03	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.