2 matches found
CVE-2018-13000
AEF (Advanced Electron Forum) v1.0.9 contains a persistent Cross‑Site Scripting (XSS) vulnerability in the Private Message module, originating from unsanitized content in the FTP Link editor. A remote attacker with restricted privileges can inject a script payload via the editor’s FTP Link elemen...
AEF CMS v1.0.9 - (PM) Persistent Cross Site Vulnerability
Document Title: =============== AEF CMS v1.0.9 - PM Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2123 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13000 CVE-ID: ======= CVE-2018-13000 Release Date:...