Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nconsulting vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-18290
An issue exists in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality
Nconsulting Nc-cms
6.1
CVSSv3
CVE-2018-18361
An issue exists in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.
Nconsulting Nc-cms
9.8
CVSSv3
CVE-2018-18874
nc-cms through 2017-03-10 allows remote malicious users to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
Nconsulting Nc-cms
7.5
CVSSv3
CVE-2019-7721
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.
Nconsulting Nc-cms 3.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26101
buffer overflow
CVE-2022-26766
CVE-2022-46689
CVE-2024-26124
CVE-2024-26059
firmware
hard-coded
CVE-2024-26118
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started