Filtered by vendor Ens
Total: 2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-19511 | 1 Ens | 1 Webgalamb | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM | wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. |
| CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM | wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. |
