38 matches found
CVE-2025-11070
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2025-11070
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2025-11070
CVE-2025-11070 affects Projectworlds Online Shopping System 1.0. The vulnerable component is the file /store/cart_add.php, where manipulating the ID parameter enables a SQL injection. Public exploitability is indicated, with remote access possible and high impact on confidentiality, integrity, an...
CVE-2024-11070
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack ma...
CVE-2016-11070
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values...
Linux Distros Unpatched Vulnerability : CVE-2019-11070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth...
CVE-2024-11070
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack ma...
CVE-2024-11070
creationtimestamp| type| source ---|---|--- 2024-11-11 14:36:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113464823279325330 2024-11-11 16:56:33+00:00| seen| https://t.me/cvedetector/10508...
CVE-2024-11070 Sanluan PublicCMS Tag Type save cross site scripting
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack ma...
CVE-2024-11070 Sanluan PublicCMS Tag Type save cross site scripting
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack ma...
CVE-2024-11070
CVE-2024-11070 affects Sanluan PublicCMS 5.202406.d. The issue is a cross-site scripting vulnerability in the Tag Type Handler, specifically in the /admin/cmsTagType/save endpoint where manipulation of the argument name enables XSS. The vulnerability can be triggered remotely and the exploit has ...
Rocky Linux 8 : GNOME (RLSA-2019:3553)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3553 advisory. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, ...
NewStart CGSL CORE 5.05 / MAIN 5.05 : webkitgtk4 Multiple Vulnerabilities (NS-SA-2021-0166)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has webkitgtk4 packages installed that are affected by multiple vulnerabilities: - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS,...
SUSE: Security Advisory (SUSE-SU-2019:1137-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1155-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-11070
creationtimestamp| type| source ---|---|--- 2020-06-20 00:55:38+00:00| seen| https://t.me/cibsecurity/12949...
CVE-2016-11070
Mattermost Server prior to version 3.1.0 is affected by an XSS vulnerability via theme color-code values. Root cause: improper handling/validation of user-provided theme color data that can be reflected in the client. Impact is documented as cross-site scripting with low to medium severity depend...
CVE-2020-11070 Cross-Site Scripting in SVG Sanitizer
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site...
CVE-2020-11070
CVE-2020-11070 affects TYPO3 SVG Sanitizer extension. The vulnerability arises when slightly invalid or incomplete SVG markup is not sanitized, allowing the browser to execute cross-site scripting. Affected versions are prior to 1.0.3. The issue stems from inadequate handling of malformed SVG dur...
CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...