2 matches found
CVE-2018-10136
Vulnerability summary (CVE-2018-10136): iScripts UberforX 2.2 contains a Stored XSS in the Admin Panel under the “manage_settings” page, exploitable by injecting script via the value field in the URI /cms?section=manage_settings&action=edit. The Red Hat and CNVD entries corroborate the same issue...
CVE-2018-10137
CSRF in iScripts UberforX 2.2 Admin Panel: the issue is in the manage_settings section exposed at /cms?section=manage_settings&action=edit. CVSS3 base score 8.8 (HIGH); attack vector NETWORK, user interaction REQUIRED, impacts on C/I/A HIGH. No exploitation details are provided in the documents; ...