Teameasy
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16345 | Hig | 0.57 | 8.8 | 0.01 | Sep 2, 2018 | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | ||
| CVE-2018-17113 | Med | 0.40 | 6.1 | 0.01 | Sep 17, 2018 | App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | ||
| CVE-2018-16759 | Med | 0.40 | 6.1 | 0.01 | Sep 9, 2018 | The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | ||
| CVE-2018-10374 | Med | 0.40 | 6.1 | 0.01 | Apr 25, 2018 | EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | ||
| CVE-2018-16773 | Med | 0.31 | 4.8 | 0.01 | Sep 10, 2018 | EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. |
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
- risk 0.40cvss 6.1epss 0.01
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
- risk 0.40cvss 6.1epss 0.01
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
- risk 0.40cvss 6.1epss 0.01
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
- risk 0.31cvss 4.8epss 0.01
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.