Lucene search
K

5 matches found

OSV
OSV
added 2018/03/20 5:29 a.m.4 views

CVE-2018-8805

Yxcms building system compatible cell phone v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extendguestbook.php or protected\apps\default\view\mobile\extendguestbook.php in an index.php?r=default/column/index&col=guestbook request...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/20 12:0 a.m.8 views

Yxcms Logic Flaw Vulnerability

Yxcms building system compatible cell phone is a website creation system. A security vulnerability exists in the protected\apps\member\controller\shopcarController.php file in version 1.4.7 of the Yxcms building system compatible cell phone. The vulnerability can be exploited by an attacker to...

7.5CVSS6.8AI score0.0089EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/03/19 2:29 p.m.3 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5CVSS5.5AI score0.0089EPSS
Exploits0References2
OSV
OSV
added 2018/03/19 2:29 p.m.5 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5CVSS5.8AI score0.0089EPSS
Exploits0References1
CVE
CVE
added 2018/03/19 2:0 p.m.46 views

CVE-2018-8761

CVE-2018-8761 : In Yxcms building system (compatible cell phone) v1.4.7, a logic flaw in the file protected\apps\member\controller\shopcarController.php allows an attacker to modify a price before form submission by observing data in a packet capture. The vulnerability is described in multiple so...

7.5CVSS7.4AI score0.0089EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder