119 matches found
PT-2022-26859 · Unknown · Eramba Grc
Name of the Vulnerable Software and Affected Versions: Eramba GRC Software version c2.8.1 Description: A stored cross-site scripting (XSS) issue in the Add function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. This enables...
CVE-2022-43342
A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
CVE-2022-36225
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add...
PT-2022-37178 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including fp_cmp_mag, crtmgr_trust_list_lookup, an...
CVE-2022-33043
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file...
Duplicate token can be added to MasterChef
Lines of code. Vulnerability details. Impact: MasterChefV2.add does not check if the lpToken is previously added. This would lead to incorrect accounting of lpToken in different pid. Proof of Concept: function add(uint256 allocPoint, IERC20 lpToken, IRewarder rewarder) public onlyOwner uint256...
Improper Access Control
shopxo/shopxo is vulnerable to improper access control. The vulnerability exists in Add function in Index.php because it doesn't validate visitors and existing databases which allows an attacker to inject and modify the original data in the database...
Incorrect Permission Assignment for Critical Resource in ShopXO
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...
CVE-2022-28056
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...
Design/Logic Flaw
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...
PT-2022-18783 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO versions 2.2.5 and below Description: The issue is related to a system re-install vulnerability. It is exploited via the Add function in the app/install/controller/Index.php file. Recommendations: For versions 2.2.5 and below, consider...
CVE-2022-28522
ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add...
MasterChef.add must update pools first
Lines of code. Vulnerability details: The MasterChef.add function changes the total pool allocation but does not update other pools first. When other pools are finally updated at some point, then accConcurPerShare will be wrongly computed with their smaller allocPoint / newTotalAllocPoint share eve...
CVE-2021-34073
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php...