CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

OSV•added 2019/07/05 3:16 p.m.•18 views

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

4.8CVSS5.9AI score

Exploits0References1

NVD•added 2019/07/05 3:16 p.m.•16 views

CVE-2019-13340

4.8CVSS5.2AI score0.00219EPSS

Exploits1References1

Prion•added 2019/07/05 3:16 p.m.•22 views

Cross site scripting

3.5CVSS5.2AI score0.0024EPSS

Exploits4References1Affected Software1

CVE•added 2019/07/05 2:5 p.m.•287 views

CVE-2019-13340

CVE-2019-13340 affects MiniCMS v1.10 with a stored XSS in mc-admin/post-edit.php (content box). The root cause is unsanitized input being stored in the content field, enabling an attacker to steal a user’s cookie. Impact is aligned with stored XSS, enabling credential/session data exposure; explo...

4.8CVSS5.1AI score0.00219EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/07/05 2:5 p.m.•20 views

CVE-2019-13340

5.2AI score0.00219EPSS

Exploits1References1

CVE•added 2019/07/03 4:7 p.m.•73 views

CVE-2019-13186

Affected software: MiniCMS V1.10. The vulnerability is a stored XSS in mc-admin/post-edit.php (via the content box; also similar references mention a tags box). Root cause stated: stored cross-site scripting allows an attacker to obtain a user’s cookie. The CVE entry and Red Hat quis confirm the ...

6.1CVSS5.1AI score0.0024EPSS

Exploits1References1Affected Software1

Prion•added 2018/12/27 3:29 p.m.•21 views

Sql injection

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...

4.3CVSS5.3AI score0.0024EPSS

Exploits2References1Affected Software1

NVD•added 2018/12/27 3:29 p.m.•14 views

CVE-2018-20520

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233...

6.1CVSS5.4AI score0.0024EPSS

Exploits1References1

CVE•added 2018/12/27 3:0 p.m.•59 views

CVE-2018-20520

MiniCMS V1.10 is affected. The vulnerability is an XSS in the admin post editor: mc-admin/post-edit.php is exploitable via the query string (CVE-2018-20520) and, per related disclosures, via the content box in the editor (CVE-2019-13340). Impact per sources is to steal or access user cookies. Roo...

6.1CVSS5.2AI score0.0024EPSS

Exploits1References1Affected Software1

Prion•added 2018/08/30 10:29 p.m.•16 views

Design/Logic Flaw

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...

4.3CVSS5.3AI score0.0024EPSS

Exploits1References1Affected Software1

OSV•added 2018/08/30 10:29 p.m.•15 views

CVE-2018-16233

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...

6.1CVSS5.7AI score

Exploits0References1