Vulnerability Details : CVE-2018-19461
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2018-19461
- cpe:2.3:a:phome:empirecms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19461
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~30% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-19461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
4.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 | NIST | |
CWE ids for CVE-2018-19461
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19461
- https://github.com/novysodope/empireCMS7.5
  GitHub - novysodope/empireCMS7.5: Vulnerability (Exploit; Third Party Advisory)
- http://i.3001.net/uploads/Up_imgs/20181117-ce3d7d20372096011393bfda0d6f9d07.png!small
  Image, 750×415 (Exploit; Third Party Advisory)
- http://i.3001.net/uploads/Up_imgs/20181117-95a316d46f9a46dda7c48e541777d1fc.png!small
  Image, 750×417 (Exploit; Third Party Advisory)