← Back

Yellow

yellow

Vendor: Datenstrom • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-10758
1Datenstrom
1Yellow
Nov 21, 2024
May 5, 2018
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
CVE-2018-10726
1Datenstrom
1Yellow
Nov 21, 2024
May 4, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have...Show more
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSSShow less