5 matches found
CVE-2018-14877
WeaselCMS v0.3.5 is affected by a cross-site scripting (XSS) vulnerability on the SETTINGS page. The issue allows injection of JavaScript through the Site Language, Site Title, Site Description, and Site Keywords fields. Some sources describe the attack as remote and exploitative via the affected...
CVE-2018-16352
CVE-2018-16352 affects WeaselCMS 0.3.6. A vulnerability in index.php allows PHP code to be embedded at the end of a .png file when served as image/png, enabling a PHP code upload vulnerability. The CVE is documented across multiple sources (NVD, OSV, CVE lists). The connected documents provide th...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...
CVE-2018-14959
CVE-2018-14959 affects WeaselCMS v0.3.5. The issue is a Cross-Site Request Forgery (CSRF) that enables an attacker to create new pages via the index.php?b=pages&a=new URI. Evidence across multiple sources (NVD, Red Hat, CNVD, OSV, CVE lists) confirms the vulnerability exists in that specific ...
CVE-2018-14958
CVE-2018-14958 affects WeaselCMS v0.3.5. The vulnerability is a CSRF flaw that allows updating website settings (theme, title, description) via index.php. This is confirmed across multiple sources (NVD, Red Hat advisory, OSV, etc.). The CVSS data indicate a high-severity impact (C:H/I:H/A:H) with...