Weaselcms Project CVE

Filtered by vendor Weaselcms Project Subscribe

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-17361	1 Weaselcms Project	1 Weaselcms	2018-11-09	4.3 MEDIUM	6.1 MEDIUM
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
CVE-2018-14877	1 Weaselcms Project	1 Weaselcms	2018-09-27	3.5 LOW	5.4 MEDIUM
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.

Vulnerabilities (CVE)