7 matches found
CVE-2020-18449
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
CVE-2020-18449
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
CVE-2020-18449
CVE-2020-18449 : XSS vulnerability in UKCMS v1.1.10, triggered by data in the index function of Single.php. Root cause: inadequate input handling/sanitization in that function. Impact: user-visible cross-site scripting as described; exploitation details not provided in the supplied documents. Rem...
CVE-2019-10888
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
Cross site request forgery (csrf)
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
CVE-2019-10888
UKcms v1.1.10 is affected by a cross-site request forgery (CSRF) vulnerability that can be exploited through admin.php/admin/role/add.html to add an administrator account. The issue stems from CSRF protection gaps on the role-management endpoint, enabling privilege escalation by creating an admin...