Filtered by vendor Easycms
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | |||||
| CVE-2018-16759 | 1 Easycms | 1 Easycms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | |||||
| CVE-2018-16773 | 1 Easycms | 1 Easycms | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | |||||
| CVE-2018-12971 | 1 Easycms | 1 Easycms | 2018-08-20 | 5.8 MEDIUM | 6.5 MEDIUM |
| EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | |||||
| CVE-2018-10374 | 1 Easycms | 1 Easycms | 2018-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | |||||