MidnightBSD

Advisories for c.p.sub_project

CVE-2017-12856 MEDIUM

Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
c.p.sub_project c.p.sub 5.2
CVE-2019-7738 MEDIUM

C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
c.p.sub_project c.p.sub *