Every CVE whose affected-product data names Dsmall Project Dsmall, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-9014 — CVSS 7.5 (high): dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request.
CVE-2018-8906 — CVSS 6.1 (medium): dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at…
CVE-2018-9307 — CVSS 6.1 (medium): dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.
CVE-2018-9015 — CVSS 5.4 (medium): dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).
CVE-2018-9017 — CVSS 5.4 (medium): dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.