MidnightBSD

Advisories for xiao5ucompany_project

CVE-2018-14527 MEDIUM

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xiao5ucompany_project xiao5ucompany 1.7
CVE-2018-14960 MEDIUM

Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
xiao5ucompany_project xiao5ucompany 1.7