17 matches found
CVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
EUVD-2018-2828
Malware in sbrugna...
CVE-2018-10758
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles...
Datenstrom Yellow Cross-Site Request Forgery Vulnerability
Datenstrom Yellow is a system for creating small websites, blogs and wikis. A cross-site request forgery vulnerability exists in the edit/ URI in Datenstrom Yellow version 0.7.3. A remote attacker could exploit this vulnerability to delete articles...
Datenstrom Yellow Cross-Site Scripting Vulnerability
Datenstrom Yellow is a system for creating small websites, blogs and wikis. A cross-site scripting vulnerability exists in Datenstrom Yellow version 0.7.3. A remote attacker can exploit this vulnerability to inject malicious code via an edit page...
CVE-2018-10758
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles...
CVE-2018-10758
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles...
Cross-site request forgery (CSRF)
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles...
CVE-2018-10758
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles...
CVE-2018-10758
The CVE-2018-10758 entry concerns Datenstrom Yellow 0.7.3, where the edit/ URI is vulnerable to CSRF via a delete action that can delete articles. The core issue is a CSRF flaw in the edit endpoint that allows unauthorized deletion of content, implying that an attacker could induce a logged-in us...
CVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
Cross-site scripting
DISPUTED: A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
CVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
CVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
CVE-2018-10726
CVE-2018-10726 is a stored XSS vulnerability in Datenstrom Yellow 0.7.3 exploitable via the "Edit page" action. Multiple connected reports reiterate the vendor’s note that installations accessible to untrusted users should have parserSafeMode=1 in system/config/config.ini to prevent XSS. Affected...
CVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
PT-2018-10068 · Datenstrom · Datenstrom Yellow
Name of the Vulnerable Software and Affected Versions: Datenstrom Yellow version 0.7.3 Description: A stored XSS issue was found via an "Edit page" action. The vendor disputes the relevance of this report, noting that installations accessible to untrusted users should have parserSafeMode=1 in...