Princyedward

#9469of 53,624
29.2Total CVSS
Vulnerabilities · 5
Medium
5
PT-2018-14369
6.1
2018-10-10
Dili · Dilicms · CVE-2018-18209
**Name of the Vulnerable Software and Affected Versions** DiliCMS version 2.4.0 **Description** A security issue exists due to the presence of XSS in the `attachment type` parameter of the "admin/index.php/setting/site?tab=site attachment" endpoint. **Recommendations** For DiliCMS version 2.4.0, avoid using the `attachment type` parameter in the "admin/index.php/setting/site?tab=site attachment" endpoint until a fix is available.
PT-2018-14371
6.1
2018-10-10
Dili · Dilicms · CVE-2018-18210
**Name of the Vulnerable Software and Affected Versions** DiliCMS version 2.4.0 **Description** A security issue exists due to the presence of XSS in the `attachment url` parameter of the "admin/index.php/setting/site?tab=site attachment" endpoint. **Recommendations** For DiliCMS version 2.4.0, avoid using the `attachment url` parameter in the affected endpoint until the issue is resolved.
PT-2018-13846
6.1
2018-09-13
Monstra · Monstra Cms · CVE-2018-17025
**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns an XSS exploit via the `page meta title` parameter in the `admin/index.php` file when performing an `edit page` action for a page without a special role. **Recommendations** For Monstra CMS version 3.0.4, consider restricting access to the `edit page` action or validating and sanitizing the `page meta title` parameter to prevent XSS exploitation. As a temporary workaround, avoid using the `page meta title` parameter in the affected `admin/index.php` file until a patch is available.
PT-2018-13446
6.1
2018-08-30
Minicms · Minicms · CVE-2018-16233
**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.10 **Description** The issue allows for XSS via the `tags` parameter in the "mc-admin/post-edit.php" endpoint. **Recommendations** For MiniCMS version 1.10, avoid using the `tags` parameter in the "mc-admin/post-edit.php" endpoint until the issue is resolved.
PT-2018-11603
4.8
2018-07-03
Clippercms · Clippercms · CVE-2018-13106
**Name of the Vulnerable Software and Affected Versions** ClipperCMS version 1.3.3 **Description** The issue is related to stored XSS, which can be exploited via the "Tools -> Configuration" screen of the manager/ URI. **Recommendations** For ClipperCMS version 1.3.3, update to a newer version that contains a fix for this issue.