Cross Site Scripting issue in MAUTIC 2.13.1
Cross Site Scripting issue in MAUTIC 2.13.1 CVE: CVE-2018-11198 Version: Mautic 2.13.1 Severity: Severe Explanation: Stored Cross Site Scripting vulnerability is found by manipulating argument authorUrl with an unknown input and is triggered by unknown functionality of the file config.json
Pecl http extension Memory Corruption Vulnerability
Pecl http extension Memory Corruption Vulnerability CVE: CVE-2016-7398 Version: pecl-http extension up to 2.6.0beta2/3.1.0beta2 Severity: Medium Explanation: The function merge_param() of the file php_http_params.c. Forged http requests can cause memory corruption.
Sahi Pro Weak Authentication Vulnerability
Sahi Pro Weak Authentication Vulnerability CVE: CVE-2019-15102 Version: Sahi Pro (Upto Version : 8.0) Severity: Critical Explanation: The function TestRunner_Non_distributed of create/modify/delete. The manipulation with an unknown input leads to a weak authentication vulnerability (Code Execution). Impacted is confidentiality, integrity, and availability.