CVE-2018-7198
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
Source: CVE-2018-7198
[월:] 2018년 02월
CVE-2018-7197
CVE-2018-7197
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
Source: CVE-2018-7197
CVE-2018-6005
CVE-2018-6005
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
Source: CVE-2018-6005
CVE-2018-6584
CVE-2018-6584
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
Source: CVE-2018-6584
CVE-2018-6396
CVE-2018-6396
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
Source: CVE-2018-6396
CVE-2018-6583
CVE-2018-6583
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
Source: CVE-2018-6583
CVE-2018-6373
CVE-2018-6373
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
Source: CVE-2018-6373
CVE-2018-6004
CVE-2018-6004
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
Source: CVE-2018-6004
CVE-2018-6394
CVE-2018-6394
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
Source: CVE-2018-6394
CVE-2018-6368
CVE-2018-6368
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
Source: CVE-2018-6368