CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

109 matches found

Prion•added 2018/09/02 6:29 p.m.•9 views

Cross site request forgery (csrf)

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent...

6.8CVSS8.7AI score0.00523EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/09/02 6:0 p.m.•14 views

CVE-2018-16345

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent...

8.8AI score0.00523EPSS

Exploits1References1

CVE•added 2018/09/02 6:0 p.m.•42 views

CVE-2018-16345

Affected software: EasyCMS 1.5. Vulnerability: Cross-Site Request Forgery (CSRF) allows updating the administrator password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. Root cause: insufficient CSRF protection on the admin-update endpoint. Impact: unauthori...

8.8CVSS8.7AI score0.00523EPSS

Exploits1References1Affected Software1

Prion•added 2018/06/29 5:29 a.m.•14 views

Cross site request forgery (csrf)

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users...

5.8CVSS6.5AI score0.00447EPSS

Exploits1References1Affected Software1

OSV•added 2018/06/29 5:29 a.m.•10 views

CVE-2018-12971

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users...

6.5CVSS7.1AI score

Exploits0References1

NVD•added 2018/06/29 5:29 a.m.•15 views

CVE-2018-12971

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users...

6.5CVSS6.5AI score0.00447EPSS

Exploits1References1

Cvelist•added 2018/06/29 5:0 a.m.•12 views

CVE-2018-12971

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users...

6.5AI score0.00447EPSS

Exploits1References1

CVE•added 2018/06/29 5:0 a.m.•38 views

CVE-2018-12971

EasyCMS 1.3 is affected by a CSRF vulnerability that allows deleting users via the index.php?s=/admin/user/delAll URI. Multiple sources (NVD/NVD-derived entries, CVE lists, CNVD) corroborate that this is a CSRF flaw targeting the admin user deletion endpoint. The exact impact is deletion of users...

6.5CVSS6.4AI score0.00447EPSS

Exploits1References1Affected Software1

CNVD•added 2018/06/29 12:0 a.m.•1 views

EasyCMS Cross-Site Request Forgery Vulnerability

EasyCMS is a scalable lightweight open source content management system CMS written in PHP. A cross-site request forgery vulnerability exists in EasyCMS version 1.3. A remote attacker can exploit this vulnerability to delete users with the help of index.php?s=/admin/user/delAll URI...

6.5CVSS6.6AI score0.00447EPSS

Exploits1References1

CNVD•added 2018/05/03 12:0 a.m.•1 views

EasyCMS Cross-Site Scripting Vulnerability (CNVD-2018-08985)

EasyCMS is a lightweight scalable open source content management system CMS written in PHP. A cross-site scripting vulnerability exists in EasyCMS version 1.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the title, keyword, abstract and content...

5.4CVSS5.9AI score0.00545EPSS

Exploits1References1

OSV•added 2018/04/28 4:29 p.m.•14 views

CVE-2018-10527

EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.htmllistarticle URI...

5.4CVSS5.4AI score0.00545EPSS

Exploits1References1

Prion•added 2018/04/28 4:29 p.m.•15 views

Cross site scripting

EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.htmllistarticle URI...

3.5CVSS5.2AI score0.00545EPSS

Exploits1References1Affected Software1

NVD•added 2018/04/28 4:29 p.m.•9 views

CVE-2018-10527

EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.htmllistarticle URI...

5.4CVSS5.3AI score0.00545EPSS

Exploits1References1

Cvelist•added 2018/04/28 4:0 p.m.•11 views

CVE-2018-10527

EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.htmllistarticle URI...

5.3AI score0.00545EPSS

Exploits1References1

CVE•added 2018/04/28 4:0 p.m.•32 views

CVE-2018-10527

CVE-2018-10527 affects EasyCMS 1.3 and is described as a Stored XSS vulnerability. The issue affects four input fields when posting an article: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. The related documents confirm the existence of the...

5.4CVSS5.2AI score0.00545EPSS

Exploits1References1Affected Software1

CNVD•added 2018/04/26 12:0 a.m.•1 views

EasyCMS Cross-Site Scripting Vulnerability

EasyCMS is a lightweight scalable open source content management system CMS written in PHP. A cross-site scripting vulnerability exists in EasyCMS version 1.3. A remote attacker can use the 's' POST parameter in the index.php?s=/index/search/index.html request to inject arbitrary Web script or HM...

6.1CVSS6.3AI score0.00692EPSS

Exploits1References1

OSV•added 2018/04/25 9:29 a.m.•13 views

CVE-2018-10374

EasyCMS 1.3 has XSS via the s POST parameter aka a search box value in an index.php?s=/index/search/index.html request...

6.1CVSS6.1AI score0.00692EPSS

Exploits1References1

Prion•added 2018/04/25 9:29 a.m.•10 views

Server side request forgery (ssrf)

EasyCMS 1.3 has XSS via the s POST parameter aka a search box value in an index.php?s=/index/search/index.html request...

4.3CVSS5.9AI score0.00692EPSS

Exploits1References1Affected Software1