Filtered by vendor Xiaocms
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19197 | 1 Xiaocms | 1 Xiaocms | 2019-01-23 | 5.5 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal. | |||||
| CVE-2018-19195 | 1 Xiaocms | 1 Xiaocms | 2018-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file. | |||||
| CVE-2018-19194 | 1 Xiaocms | 1 Xiaocms | 2018-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message. | |||||
| CVE-2018-19193 | 1 Xiaocms | 1 Xiaocms | 2018-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen. | |||||