2 matches found
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php because $SERVER'PHPSELF' is mishandled...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...