Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Nc-Cms Security Vulnerabilities - November

cve
cve

CVE-2018-18290

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality

4.8CVSS

4.8AI Score

0.001EPSS

2018-10-14 09:29 PM
24
cve
cve

CVE-2018-18361

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.

6.1CVSS

5.9AI Score

0.001EPSS

2018-10-15 03:29 PM
21
cve
cve

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.

9.8CVSS

9.7AI Score

0.007EPSS

2018-10-31 04:29 PM
22
cve
cve

CVE-2019-7721

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.

7.5CVSS

7.5AI Score

0.001EPSS

2019-02-11 04:29 AM
23