Disclosure date:  08/17/19

    CVE-2019-15229

    FuelCMS 1.4.4 and possibly before are affected by a Cross Site Request Forgery vulnerability in the Create Blocks section of the Admin console.  This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.


    Disclosure date:  08/17/19

    CVE-2019-15228

    FuelCMS 1.4.4 and possibly before are affected by a Cross Site Scripting vulnerability in the Create Blocks section of the Admin console.  This could lead to cookie stealing and other malicious
    actions.  This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.


    Disclosure date:  08/19/19

    CVE-2019-15230

    LibreNMS v1.54 and possibly before are affected by numerous Cross Site Script vulnerabilities in the "Create User", "Inventory", "Add Device", "Notifications", "Alert Rule", "Create Maintenance", "Alert Template", and "Alert Template" sections of the admin console.  This could lead to cookie stealing and other malicious actions.  This vulnerability can be exploited with an authenticated account.  


    Disclosure date:  08/16/19

    CVE-2019-15227

    Flightpath 4.8.3 and possibly before are affected by numerous Cross Site Script vulnerabilities in the "Content", "Edit urgent message", and "Users" section of the Admin Console.  This could lead to cookie stealing and other malicious actions.  This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.


    © 2020 sevenlayers.com