CVE-2023-49490

XunRuiCMS v4.5.5 contains a reflective cross-site scripting (XSS) vulnerability exploitable via the component /admin.php. The issue is documented across multiple sources (NVD, Red Hat, CNNVD, CVE listing) and is associated with XunRuiCMS 4.5.5. The root cause is reflective XSS in /admin.php, allo...

PT-2023-31244 · Xunruicms · Xunruicms

Name of the Vulnerable Software and Affected Versions: XunRuiCMS version 4.5.5 Description: A reflective cross-site scripting XSS issue was found in XunRuiCMS via the component /admin.php. This allows for potential XSS attacks. Recommendations: For XunRuiCMS version 4.5.5, as a temporary...

CVE-2023-49490

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component /admin.php...

CVE-2023-48940

A stored cross-site scripting XSS vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A stored cross-site scripting XSS vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...

Design/Logic Flaw

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...

CVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...

PT-2023-30271 · Lmxcms · Lmxcms

Name of the Vulnerable Software and Affected Versions: lmxcms version 1.41 Description: An issue in lmxcms allows a remote attacker to execute arbitrary code via a crafted script to the "admin.php" file. Recommendations: For lmxcms version 1.41, consider disabling access to the "admin.php" file a...

CVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...

CVE-2023-45201

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...

Open redirect

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...

PT-2023-29454 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. The 'q' parameter of the "admin.php" resource is vulnerable to Open Redirect attacks...

The vulnerability in the admin.php script of the WordPress content management system’s “My Sticky Elements” plugin allows attackers to perform cross-site scripting attacks.

The vulnerability of the admin.php script on the WordPress administration panel of the My Sticky Elements plugin is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

Cross site scripting

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting XSS vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&pluginid=here page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS co...

Lamano CMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : Lamano CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...

Sql injection

A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was...

CVE-2023-5017

CVE-2023-5017 affects lmxcms up to version 1.41. The vulnerability exists in admin.php where manipulating the lid parameter leads to SQL injection. Exploitation details are not provided in the core initial document, but multiple connected sources (PRION, NVD, RH, CVE lists, PT Security) consisten...

CVE-2023-5017 lmxcms admin.php sql injection

A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was...

CVE-2023-5017 lmxcms admin.php sql injection

A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was...