Lucene search
K

159 matches found

NVD
NVD
added 2018/03/18 6:29 a.m.19 views

CVE-2018-8767

joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...

4.8CVSS5AI score0.0064EPSS
Exploits1References1
OSV
OSV
added 2018/03/18 6:29 a.m.3 views

CVE-2018-8767

joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...

4.8CVSS5.8AI score0.0064EPSS
Exploits1References1
Prion
Prion
added 2018/03/18 6:29 a.m.21 views

Design/Logic Flaw

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

7.5CVSS9.6AI score0.03432EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/03/18 6:29 a.m.3 views

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

9.8CVSS5.7AI score0.03432EPSS
Exploits1References2
Prion
Prion
added 2018/03/18 6:29 a.m.13 views

Design/Logic Flaw

joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...

3.5CVSS4.9AI score0.0064EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/03/18 6:29 a.m.3 views

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

9.8CVSS5.9AI score0.03432EPSS
Exploits1References1
NVD
NVD
added 2018/03/18 6:29 a.m.24 views

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

9.8CVSS9.7AI score0.03432EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/03/18 6:29 a.m.5 views

CVE-2018-8767

joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...

4.8CVSS5.4AI score0.0064EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/03/18 6:0 a.m.26 views

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

9.7AI score0.03432EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/18 6:0 a.m.17 views

CVE-2018-8767

joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...

5AI score0.0064EPSS
Exploits1References1
CVE
CVE
added 2018/03/18 6:0 a.m.44 views

CVE-2018-8767

Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability in manager/admin_ajax.php?action=save&tab={pre}vod_type, exploitable via the t_name parameter. Root cause: insufficient input sanitization that allows injected script/HTML. Impact: can inject arbitrary scripts into the vi...

4.8CVSS4.9AI score0.0064EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/18 6:0 a.m.49 views

CVE-2018-8766

Joyplus-CMS 1.6.0 is affected by an arbitrary file upload in manager/editor/upload.php (related to manager/admin_vod.php?action=add), enabling potential remote code execution due to insufficient validation of uploaded content. The vulnerability is described across multiple sources (including CVE-...

9.8CVSS9.6AI score0.03432EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/03/15 1:29 a.m.3 views

CVE-2018-8717

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...

8.8CVSS5.8AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2018/03/15 1:29 a.m.21 views

CVE-2018-8717

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1
Prion
Prion
added 2018/03/15 1:29 a.m.16 views

Cross site request forgery (csrf)

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...

6.8CVSS8.6AI score0.0065EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/03/15 1:29 a.m.3 views

CVE-2018-8717

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...

8.8CVSS5.5AI score0.0065EPSS
Exploits1References2
CNVD
CNVD
added 2018/03/15 12:0 a.m.5 views

Joyplus CMS Cross-Site Request Forgery Vulnerability

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site request forgery vulnerability exists...

8.8CVSS7AI score0.0065EPSS
Exploits1References1
CVE
CVE
added 2018/03/14 8:0 p.m.42 views

CVE-2018-8717

CVE-2018-8717 affects joyplus-cms 1.6.0 and is a cross-site request forgery (CSRF) vulnerability. The issue is demonstrated by a CSRF request to manager/admin_ajax.php?action=save&tab={pre}manager that can result in adding an administrator account. The connected sources confirm the vulnerability ...

8.8CVSS8.5AI score0.0065EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/03/14 8:0 p.m.23 views

CVE-2018-8717

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...

8.7AI score0.0065EPSS
Exploits1References1
Rows per page
Query Builder