Yellow
by Datenstrom
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10758 | 0.00 | — | 0.00 | May 5, 2018 | The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | |||
| CVE-2018-10726 | 0.00 | — | 0.00 | May 4, 2018 | A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS |
- CVE-2018-10758May 5, 2018risk 0.00cvss —epss 0.00
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
- CVE-2018-10726May 4, 2018risk 0.00cvss —epss 0.00
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS