Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2018-17361

Disclosure Date: September 23, 2018 (last updated November 27, 2024)
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
0
0
Attacker Value
Unknown

CVE-2018-16352

Disclosure Date: September 02, 2018 (last updated November 27, 2024)
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
0
0
Attacker Value
Unknown

CVE-2018-14958

Disclosure Date: August 05, 2018 (last updated November 27, 2024)
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.
0
0
Attacker Value
Unknown

CVE-2018-14959

Disclosure Date: August 05, 2018 (last updated November 27, 2024)
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.
0
0
Attacker Value
Unknown

CVE-2018-14877

Disclosure Date: August 03, 2018 (last updated November 27, 2024)
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.
0
0