2 matches found
CVE-2018-18735
CVE-2018-18735 describes a cross-site request forgery in Catfish Blog 2.0.33, specifically in the admin/Index/tiquan functionality. The CVE entry notes a CSRF vulnerability that could allow an attacker to affect user roles (e.g., change user type) given the documented access path. From the initia...
CVE-2018-18736
CVE-2018-18736 corresponds to an XSS vulnerability in catfish blog 2.0.33 (described as related to “write source code”). Affected component: catfish blog (version 2.0.33). Root cause details are not fully specified in the provided documents beyond the XSS note. Potential impact is cross-site scri...