9 matches found
Cross site scripting
Stored XSS exists in razorCMS 3.4.8 via the //page description parameter...
CVE-2018-19905
HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...
CVE-2018-19906
Stored XSS exists in razorCMS 3.4.8 via the //page description parameter...
Cross site scripting
HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...
CVE-2018-19906
Stored XSS exists in razorCMS 3.4.8 via the //page description parameter...
CVE-2018-19905
HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...
CVE-2018-19905
razorCMS 3.4.8 is affected by an HTML injection via the /#/page keywords parameter. The issue concerns the keywords field in that endpoint, enabling arbitrary HTML injection. Remediation hints from PT-2018-15155 suggest restricting access to the /#/page API or stopping use of the keywords paramet...
CVE-2018-17986
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user...
CVE-2018-17986
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user...