
imsebao/404team
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | — | 6.5 MEDIUM | D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. |
| | | — | 3.5 LOW | YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). |
| | | — | 3.5 LOW | QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. |
| | | — | 3.5 LOW | QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. |
| | | 4.8 MEDIUM | 3.5 LOW | lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. |
| | | — | 4.3 MEDIUM | dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. |
| | | — | 3.5 LOW | Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. |
| | | — | 3.5 LOW | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. |
| | | — | 3.5 LOW | Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. |
| | | — | 7.5 HIGH | SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. |
| | | — | 7.5 HIGH | SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. |
| | | — | 7.5 HIGH | upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. |