5.1
CVE-2018-25249 - MyBB My Arcade Plugin 1.3 Persistent XSS via Comment
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit tβ¦
5.1
CVE-2018-25248 - MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators valβ¦
5.1
CVE-2018-25247 - MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, wβ¦
8.7
CVE-2018-25245 - 7 Tik 1.0.1.0 Denial of Service via Search
7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.
6.9
CVE-2018-25244 - Eco Search 1.0.2.0 Denial of Service
Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a seaβ¦
6.9
CVE-2018-25243 - FastTube 1.0.1.0 Denial of Service via Search
FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation isβ¦
6.9
CVE-2018-25242 - One Search 1.1.0.0 Denial of Service
One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled exception tβ¦
8.7
CVE-2018-25241 - VPN Browser+ 1.1.0.0 Denial of Service
VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters into the search bar to trigger an unhandled exception that β¦
6.9
CVE-2018-25240 - Watchr 1.1.0.0 Denial of Service via Search
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the applicβ¦
6.9
CVE-2018-25239 - Smart VPN 1.1.3.0 Denial of Service via Search
Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes β¦