CVE-2018-9236

CVE-2018-9236 is a stored XSS vulnerability in iScripts EasyCreate 3.2.1 affecting the Site title (and Site Description per PoC) fields. Exploitation requires data input stored server-side and later rendered, enabling script execution in victims’ browsers. The CVSS metrics from NVD show a base sc...

CVE-2018-9237

Summary (CVE-2018-9237) : iScripts EasyCreate 3.2.1 contains a stored Cross-Site Scripting (XSS) vulnerability in the Site Description field (and also Site Title per sources). The weakness allows injected HTML/JS to be stored and later executed in the context of the affected application, enabling...