Xxy961216

#9820of 53,634
28.1Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2018-13904
6.1
2018-09-17
Easycms · Easycms · CVE-2018-17113
**Name of the Vulnerable Software and Affected Versions** EasyCMS version 1.5 **Description** The issue is related to an XSS vulnerability in the uploadify.swf file, specifically through the `uploadifyID` or `movieName` parameter. **Recommendations** For EasyCMS version 1.5, consider restricting access to the uploadify.swf file to minimize the risk of exploitation. Avoid using the `uploadifyID` or `movieName` parameters in the affected API endpoint until the issue is resolved.
PT-2018-13861
6.1
2018-09-14
Cqu · Cqu-Lankers · CVE-2018-17049
**Name of the Vulnerable Software and Affected Versions** CQU-LANKERS through 2017-11-02 **Description** The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved by exploiting the `callback` parameter in the "public/api.php" endpoint, specifically in an `uploadpic` action. **Recommendations** For CQU-LANKERS through 2017-11-02, avoid using the `callback` parameter in the "public/api.php" endpoint for the `uploadpic` action until a fix is available. As a temporary workaround, consider restricting access to the `uploadpic` action to minimize the risk of exploitation.
PT-2018-13701
9.8
2018-09-08
Baijiacms · Baijiacms · CVE-2018-16724
**Name of the Vulnerable Software and Affected Versions** baijiacms version V4 **Description** A Blind SQL Injection issue exists via the `order` parameter in an "index.php?act=index" request. **Recommendations** For baijiacms version V4, avoid using the `order` parameter in the "index.php?act=index" request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13702
6.1
2018-09-08
Baijiacms · Baijiacms · CVE-2018-16725
**Name of the Vulnerable Software and Affected Versions** baijiacms version V4 **Description** A security issue exists in the software due to a Cross-Site Scripting (XSS) flaw. The vulnerability is exploited via the `id` parameter in the `assets/weengine/components/zclip/ZeroClipboard.swf` endpoint. This issue arises from the non-standard use of a flash component. **Recommendations** For baijiacms version V4, avoid using the `id` parameter in the `assets/weengine/components/zclip/ZeroClipboard.swf` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the ZeroClipboard.swf component to minimize the risk of exploitation.