90 matches found
CVE-2021-30176
The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint...
PT-2020-10894 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: NetBox versions 2.6.2 and earlier Description: The issue allows an authenticated user to conduct a cross-site scripting XSS attack against an admin via a GFM-rendered field. This can be demonstrated by the "/dcim/sites/add/" endpoint,...
UWA Cross-Site Request Forgery Vulnerability
UWA is a universal content management system CMS. A cross-site request forgery vulnerability exists in the index.php?g=admin&c=admin&a=addadmindo URL in UWA version 2.3.11. A remote attacker can exploit this vulnerability to perform unauthorized operations...
CVE-2018-19327
An issue was discovered in JTBCPHP 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF...
rejucms cross-site scripting vulnerability (CNVD-2018-19433)
rejucms is an online video web content management system CMS. A cross-site scripting vulnerability exists in rejucms version 2.1, which stems from the program's failure to enforce strict filtering. The vulnerability can be exploited to inject arbitrary web script or HTML by sending the 'uname'...
CVE-2018-11018
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery CSRF vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2018-09387)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in WUZHI CMS version 4.1.0. A remote attacker can exploit this vulnerability by sending the 'tag' parameter to the...
PT-2018-9818 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A persistent XSS issue allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the "/index.php?m=tags&f=index&v=add" API endpoint. Recommendations: For WUZHI CMS versi...
arhivach.org XSS vulnerability
Vulnerable URL: https://arhivach.org/add/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 02.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 16022 VIP website status:| Yes Coordinated Disclosure Timeline: Description| Value ---|---...
PT-2006-3389 · Dubanner · Dubanner
Name of the Vulnerable Software and Affected Versions: DUbanner version 3.1 Description: The issue allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, to the add.asp endpoint, probably due to client-side enforcement that can be...