Strukt93

#14981de 53,635
17.9CVSS total
Vulnerabilidades · 3
Média
2
Alta
1
PT-2018-9412
4.3
2018-06-26
Limesurvey · Limesurvey · CVE-2018-1000514
**Name of the Vulnerable Software and Affected Versions** LimeSurvey versions 3.0.0-beta.3+17110 through 3.5.x **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in Boxes, which can lead to admins unintentionally deleting boxes. **Recommendations** For LimeSurvey versions 3.0.0-beta.3+17110 through 3.5.x, update to version 3.6.x to resolve the issue.
PT-2018-15178
8.8
2018-01-25
Phpmyadmin · Phpmyadmin · CVE-2018-19969
[Content removed]
PT-2017-10911
4.8
2017-11-17
Wbce · Wbce · CVE-2017-1000213
**Name of the Vulnerable Software and Affected Versions** WBCE version 1.1.11 **Description** The issue allows for reflected XSS attacks via the `begriff` POST parameter in the "/admin/admintools/tool.php?tool=user search" API endpoint. **Recommendations** For WBCE version 1.1.11, as a temporary workaround, consider restricting access to the "/admin/admintools/tool.php?tool=user search" API endpoint until a patch is available. Avoid using the `begriff` parameter in this endpoint to minimize the risk of exploitation.