MidnightBSD

Advisories for crea8social

CVE-2015-1054 LOW

Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
crea8social crea8social 2.0
CVE-2018-9120 LOW

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
crea8social crea8social 2018.2
CVE-2018-9121 LOW

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
crea8social crea8social 2018.2
CVE-2018-9122 LOW

In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
crea8social crea8social 2018.2
CVE-2018-9123 LOW

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
crea8social crea8social 2018.2