2 matches found
CVE-2018-10726
CVE-2018-10726 is a stored XSS vulnerability in Datenstrom Yellow 0.7.3 exploitable via the "Edit page" action. Multiple connected reports reiterate the vendor’s note that installations accessible to untrusted users should have parserSafeMode=1 in system/config/config.ini to prevent XSS. Affected...
CVE-2018-10758
The CVE-2018-10758 entry concerns Datenstrom Yellow 0.7.3, where the edit/ URI is vulnerable to CSRF via a delete action that can delete articles. The core issue is a CSRF flaw in the edit endpoint that allows unauthorized deletion of content, implying that an attacker could induce a logged-in us...