282 matches found
CVE-2019-13186
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520...
CVE-2019-13186
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520...
Cross site scripting
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520...
CVE-2019-13186
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520...
CVE-2019-13186
Affected software: MiniCMS V1.10. The vulnerability is a stored XSS in mc-admin/post-edit.php (via the content box; also similar references mention a tags box). Root cause stated: stored cross-site scripting allows an attacker to obtain a user’s cookie. The CVE entry and Red Hat quis confirm the ...
Arbitrary File Deletion Vulnerability in miniCMS
miniCMS is a micro content management system designed for personal websites. miniCMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete arbitrary files...
Cross site request forgery (csrf)
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891...
CVE-2019-9603
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891...
CVE-2019-9603
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891...
CVE-2019-9603
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891...
CVE-2019-9603
CVE-2019-9603 affects MiniCMS 1.10. The provided documents describe a CSRF risk allowing deletion of articles via mc-admin/post.php?state=publish&delete= (distinct from CVE-2018-18891). No explicit root cause, exploit details, or remediation are provided in the supplied sources.
CVE-2018-20520
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...
Sql injection
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...
CVE-2018-20520
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...
CVE-2018-20520
MiniCMS V1.10 is affected. The vulnerability is an XSS in the admin post editor: mc-admin/post-edit.php is exploitable via the query string (CVE-2018-20520) and, per related disclosures, via the content box in the editor (CVE-2019-13340). Impact per sources is to steal or access user cookies. Roo...
CVE-2018-20520
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...
MiniCMS Arbitrary PHP Code Execution Vulnerability
MiniCMS is a micro content management system designed for personal websites. An arbitrary PHP code execution vulnerability exists in MiniCMS 1.10. An attacker can exploit this vulnerability to execute arbitrary PHP code via the install.php sitename parameter...
Path traversal
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename...
Authentication flaw
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late...
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...