13 matches found
EUVD-2022-51930
Malicious code in bioql PyPI...
CVE-2023-2476
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2023-2476
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2023-2476
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2023-2476 Dromara J2eeFAST Announcement cross site scripting
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...
PT-2023-19767 · Dromara · Dromara J2Eefast
Name of the Vulnerable Software and Affected Versions: Dromara J2eeFAST versions up to 2.6.0 Description: A problematic issue was found in the Announcement Handler component. The manipulation of the argument 系统工具/公告管理 or ????/???? leads to cross site scripting. It is possible to launch the attack...
CVE-2022-4598
A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site...
CVE-2022-4598
A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site...
Cross site scripting
A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site...
PT-2022-27709 · Unknown · Shoplazza Lifestyle
Name of the Vulnerable Software and Affected Versions: Shoplazza LifeStyle version 1.1 Description: A vulnerability has been found in the Announcement Handler component, affecting an unknown functionality of the file /admin/api/theme-edit/. The manipulation of the Text and Mobile Text arguments...
CVE-2022-4598 Shoplazza LifeStyle Announcement cross site scripting
A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site...
CVE-2022-4598 Shoplazza LifeStyle Announcement cross site scripting
A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site...
CVE-2022-4598
CVE-2022-4598 affects Shoplazza LifeStyle 1.1. The Announcement Handler’s /admin/api/theme-edit/ endpoint mishandles the Text/Mobile Text parameters, enabling remote cross-site scripting. Exploitation details are publicly disclosed (PoC available). Remediation guidance from PT-Security recommends...