MidnightBSD

Advisories for ximdex

CVE-2018-11735 MEDIUM

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ximdex ximdex 4.0
CVE-2018-12047 MEDIUM

xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ximdex ximdex 4.0
CVE-2018-12272 MEDIUM

xowl/request.php in Ximdex 4.0 has XSS via the content parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ximdex ximdex 4.0
CVE-2018-12273 MEDIUM

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ximdex ximdex 4.0