Description

Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.

Remediation

References

CVE-2018-14481

Related Vulnerabilities

WordPress Plugin Email Queue by BestWebSoft Cross-Site Request Forgery (1.0.0)

WordPress Plugin Name Directory Cross-Site Scripting (1.7.6)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Multiple Cross-Site Scripting Vulnerabilities (1.1.65)

Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-33320)

WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)

Severity

Medium

Classification

CVE-2018-14481 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities