-
CVE-2018-18524
•
published on May 13, 2019
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.
-
CVE-2018-18524
•
published on May 13, 2019
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.
-
CVE-2018-16623
•
published on May 13, 2019
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
-
CVE-2018-16623
•
published on May 13, 2019
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
-
CVE-2018-16623
•
published on May 13, 2019
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
-
CVE-2018-16624
•
published on May 13, 2019
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.
-
CVE-2018-16624
•
published on May 13, 2019
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.
-
CVE-2018-16624
•
published on May 13, 2019
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.
-
CVE-2018-16625
•
published on May 13, 2019
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
-
CVE-2018-16625
•
published on May 13, 2019
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
-
CVE-2018-16625
•
published on May 13, 2019
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
-
CVE-2018-16626
•
published on May 13, 2019
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
-
CVE-2018-16626
•
published on May 13, 2019
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
-
CVE-2018-16626
•
published on May 13, 2019
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
-
CVE-2018-16639
•
published on May 13, 2019
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
-
CVE-2018-16639
•
published on May 13, 2019
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
-
CVE-2018-16639
•
published on May 13, 2019
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
-
CVE-2018-18558
•
published on May 13, 2019
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.
-
CVE-2018-18558
•
published on May 13, 2019
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.
-
CVE-2018-18558
•
published on May 13, 2019
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.