Packagist (Composer) package
quickapps/cms
pkg:composer/quickapps/cms
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17102 | — | <= 2.0.0-beta2 | — | Sep 16, 2018 | An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | ||
| CVE-2018-9108 | — | — | — | Mar 28, 2018 | CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. | ||
| CVE-2017-1000495 | — | < 2.0.0 | 2.0.0 | Jan 3, 2018 | QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account |
- CVE-2018-17102Sep 16, 2018affected <= 2.0.0-beta2
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.
- CVE-2018-9108Mar 28, 2018
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.
- CVE-2017-1000495Jan 3, 2018affected < 2.0.0fixed 2.0.0
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account