
313 matches found

OSV
added 2019/07/05 3:16 p.m., 20 views

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

CVSS 4.8, AI score 5.9
Exploits 0, References 1

OSV
added 2019/07/05 3:16 p.m., 20 views

CVE-2019-13339

In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php content box, which can be used to get a user's cookie...

CVSS 4.8, AI score 5.7
Exploits 0, References 1

Prion
added 2019/07/05 3:16 p.m., 22 views

Cross site scripting

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

CVSS 3.5, AI score 5.2, EPSS 0.00865
Exploits 4, References 1, Affected Software 1

CVE
added 2019/07/05 2:5 p.m., 293 views

CVE-2019-13340

CVE-2019-13340 affects MiniCMS v1.10 with a stored XSS in mc-admin/post-edit.php (content box). The root cause is unsanitized input being stored in the content field, enabling an attacker to steal a user’s cookie. Impact is aligned with stored XSS, enabling credential/session data exposure; explo...

CVSS 4.8, AI score 5.1, EPSS 0.00622
Exploits 1, References 1, Affected Software 1

Cvelist
added 2019/07/05 2:5 p.m., 29 views

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

AI score 5.2, EPSS 0.00622
Exploits 1, References 1

CVE
added 2019/07/05 2:5 p.m., 306 views

CVE-2019-13339

CVE-2019-13339 affects MiniCMS v1.10. The stored XSS is in mc-admin/page-edit.php (content box) due to lack of proper validation of client-side data, allowing an attacker to obtain a user’s cookie. Connected sources also show public exploitation material (e.g., Exploit-DB) with a payload demonstr...

CVSS 4.8, AI score 4.7, EPSS 0.00631
Exploits 2, References 1, Affected Software 1

CVE
added 2019/07/03 4:7 p.m., 81 views

CVE-2019-13186

Affected software: MiniCMS V1.10. The vulnerability is a stored XSS in mc-admin/post-edit.php (via the content box; also similar references mention a tags box). Root cause stated: stored cross-site scripting allows an attacker to obtain a user’s cookie. The CVE entry and Red Hat quis confirm the ...

CVSS 6.1, AI score 5.1, EPSS 0.00865
Exploits 1, References 1, Affected Software 1

OSV
added 2019/05/22 6:29 p.m., 17 views

CVE-2019-11231

An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to th...

CVSS 9.8, AI score 7.1
Exploits 0, References 2

NVD
added 2018/12/31 3:29 p.m., 16 views

CVE-2018-19845

There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325...

CVSS 5.4, AI score 5.6, EPSS 0.0057
Exploits 1, References 1

Prion
added 2018/12/31 3:29 p.m., 19 views

Cross site scripting

There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325...

CVSS 3.5, AI score 5.6, EPSS 0.00797
Exploits 2, References 1, Affected Software 1

OSV
added 2018/12/31 3:29 p.m., 17 views

CVE-2018-19845

There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325...

CVSS 5.4, AI score 5.8, EPSS 0.0057
Exploits 1, References 1

CVE
added 2018/12/31 3:0 p.m., 42 views

CVE-2018-19845

CVE-2018-19845 is a stored XSS in GetSimple CMS. Multiple connected documents confirm the vulnerability in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter (and related CVE-2018-16325). CNVD/OSV/CNVD entries also reference GetSimple CMS 3.4.0.9 and the admin/edit.php title field...

CVSS 5.4, AI score 5.5, EPSS 0.0057
Exploits 1, References 1, Affected Software 1

NVD
added 2018/12/27 3:29 p.m., 14 views

CVE-2018-20520

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...

CVSS 6.1, AI score 5.4, EPSS 0.00865
Exploits 1, References 1

Prion
added 2018/12/27 3:29 p.m., 30 views

Sql injection

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...

CVSS 4.3, AI score 5.3, EPSS 0.00865
Exploits 2, References 1, Affected Software 1

CVE
added 2018/12/27 3:0 p.m., 71 views

CVE-2018-20520

MiniCMS V1.10 is affected. The vulnerability is an XSS in the admin post editor: mc-admin/post-edit.php is exploitable via the query string (CVE-2018-20520) and, per related disclosures, via the content box in the editor (CVE-2019-13340). Impact per sources is to steal or access user cookies. Roo...

CVSS 6.1, AI score 5.2, EPSS 0.00865
Exploits 1, References 1, Affected Software 1

NVD
added 2018/11/16 6:29 p.m., 17 views

CVE-2018-18797

School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php...

CVSS 8.8, AI score 8.7, EPSS 0.02385
Exploits 5, References 2

Prion
added 2018/09/01 10:29 p.m., 15 views

Cross site scripting

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field...

CVSS 4.3, AI score 5.3, EPSS 0.00797
Exploits 1, References 1, Affected Software 1

OSV
added 2018/09/01 10:29 p.m., 15 views

CVE-2018-16325

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field...

CVSS 6.1, AI score 6
Exploits 0, References 1

Cvelist
added 2018/09/01 10:0 p.m., 26 views

CVE-2018-16325

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field...

AI score 5.5, EPSS 0.00797
Exploits 1, References 1

CVE
added 2018/09/01 10:0 p.m., 57 views

CVE-2018-16325

GetSimple CMS 3.4.0.9 is affected by stored/reflected XSS via the admin/edit.php title field (CVE-2018-16325). The available connected documents confirm XSS in the title input, but do not provide exploitation details or a patch/mitigation entry. No explicit root-cause or vulnerable vector beyond...

CVSS 6.1, AI score 5.5, EPSS 0.00797
Exploits 1, References 1, Affected Software 1