2 matches found
CVE-2018-19469
CVE-2018-19469 affects ArticleCMS (versions up to 2017-02-19). The issue is a reflected XSS in the update_personal_infomation path, exploitable via the realname or email parameters. Root cause is unsanitized input being reflected back to the page, enabling script execution in a user’s browser. Do...
CVE-2018-12339
CVE-2018-12339 describes a cross-site scripting vulnerability in ArticleCMS up to 2017-02-19, exploitable via an "add an article" action. The connected documents consistently identify this as a XSS flaw affecting ArticleCMS, with multiple sources corroborating the vulnerable action, including Red...