Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8419PUBLISHED: 2019-02-17VNote 2.2 has XSS via a new text note.
CVE-2019-8421PUBLISHED: 2019-02-17upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2019-8422PUBLISHED: 2019-02-17A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVE-2019-7649PUBLISHED: 2019-02-17global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
CVE-2019-8418PUBLISHED: 2019-02-17SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.