2 matches found
CVE-2018-16450
CVE-2018-16450 concerns CraftedWeb, a CMS for game servers, with a reflected XSS vulnerability in the p parameter affecting versions up to 2013-09-24. The issue is caused by improper input handling that allows injected scripts/HTML to be returned in responses. Public details consistently describe...
CVE-2018-12919
CraftedWeb up to 2013-09-24 is affected by CVE-2018-12919. A cross-site scripting flaw exists in aasp_includes/pages/notice.php that can be triggered through the e parameter, enabling injected script/HTML. CNVD/CVE records confirm the XSS vector (via e) and reference updated CVSS scores (NVD: CVS...