Belloo Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions of Belloo prior to 4.2.7.7, which allows attackers to filter user-supplied data and output data via the aerror description parameter in the assets/sources/instagram.php script. description parameter in the assets/sources/instagram.php script...

CVE-2021-41695

An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php...

CVE-2021-41695

An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php...

CVE-2021-41697

A reflected Cross Site Scripting XSS vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerrordescription parameter in assets/sources/instagram.php script...

Authentication flaw

An authentication bypass account takeover vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php...

Improper access control

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php...

CVE-2021-41697

A reflected Cross Site Scripting (XSS) vulnerability exists in Belloo/Premiumdatingscript around version 4.2.7.7, exploitable via the aerror_description parameter in assets/sources/instagram.php. Sources in CNVD/CNNVD/Red Hat/CVE listings describe a client-side JavaScript execution risk due to in...

CVE-2021-41695

An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php...