Balvinder Singh

Pesquisador deBreachLock
#9139de 53,634
29.9CVSS total
Vulnerabilidades · 6
Baixa
1
Média
5
PT-2018-15163
3.5
2018-12-31
Cuppacms · Cuppacms · CVE-2018-19918
**Name of the Vulnerable Software and Affected Versions** CuppaCMS (affected versions not specified) **Description** The issue is related to a Cross-Site Scripting (XSS) attack. It occurs when an SVG document is uploaded to the administrator/#/component/table manager/view/cu views URI, allowing malicious scripts to be executed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13663
6.5
2018-12-10
Nucleus · Nucleus Cms · CVE-2018-16636
**Name of the Vulnerable Software and Affected Versions** Nucleus CMS version 3.70 **Description** The issue allows for HTML Injection via the `body` parameter in `index.php`. **Recommendations** For Nucleus CMS version 3.70, avoid using the `body` parameter in the `index.php` endpoint until the issue is resolved.
PT-2018-13977
4.8
2018-09-21
Cuppacms · Cuppacms · CVE-2018-17300
**Name of the Vulnerable Software and Affected Versions** CuppaCMS versions prior to 2018-09-03 **Description** A stored XSS issue exists, allowing exploitation via the section name in the administrator/#/component/table manager/view/cu menus section. **Recommendations** For versions prior to 2018-09-03, update to a version released after 2018-09-03 to resolve the issue. As a temporary workaround, consider restricting access to the administrator/#/component/table manager/view/cu menus section to minimize the risk of exploitation.
PT-2018-13978
5.4
2018-09-21
Espocrm · Espocrm · CVE-2018-17301
**Name of the Vulnerable Software and Affected Versions** EspoCRM version 5.3.6 **Description** A reflected XSS issue exists in the client/res/templates/global-search/name-field.tpl file of EspoCRM, which can be exploited via the `/#Account` endpoint in the search panel. **Recommendations** For EspoCRM version 5.3.6, update to a newer version that contains a fix for this issue, as using outdated versions may pose a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13979
5.4
2018-09-21
Espocrm · Espocrm · CVE-2018-17302
**Name of the Vulnerable Software and Affected Versions** EspoCRM version 5.3.6 **Description** A stored XSS issue exists in the views/fields/wysiwyg.js file, which can be exploited via a /#Email/view saved draft message. **Recommendations** For EspoCRM version 5.3.6, consider disabling the wysiwyg editor in the Email view until a patch is available to prevent potential exploitation.
PT-2015-6921
4.3
2015-07-08
Nucleus · Nucleus Cms · CVE-2015-5454
**Name of the Vulnerable Software and Affected Versions** Nucleus CMS (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `title` parameter when adding a new item. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.