Datenstrom

datenstrom

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Yellow

yellow

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10758 1Datenstrom 1Yellow Nov 21, 2024 May 5, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
CVE-2018-10726 1Datenstrom 1Yellow Nov 21, 2024 May 4, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have...Show more A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSSShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-10758

1Datenstrom

1Yellow

Nov 21, 2024

May 5, 2018

N/A· v4

6.5 MEDIUM· v3

5.8 MEDIUM· v2

The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.

CVE-2018-10726

1Datenstrom

1Yellow

Nov 21, 2024

May 4, 2018

N/A· v4

5.4 MEDIUM· v3

3.5 LOW· v2

A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have...Show more