yapi 安全漏洞

YMFE YApi is a visual interface management platform from YMFE, Inc. A security vulnerability exists in yapi version v1.10.2, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

phpFox 安全漏洞

phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...

CVE-2024-32206

A stored cross-site scripting XSS vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter...

TOTOLINK N300RT 安全漏洞

The TOTOLINK N300RT is a wireless router designed for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the IP/Port Filtering feature of the Firewall page, an...

CVE-2024-32743

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

CVE-2024-32338

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVE-2024-32338

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...

CVE-2024-32344

CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS version v3.4.3, which originates from a cross-site scripting XSS vulnerability in the Settings section. An attacker can exploit this vulnerability to execute arbitrary web script or...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVE-2024-31649

CVE-2024-31649 is a cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0. The flaw allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the Product Name parameter. Public sources consistently describe the affected so...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17895)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17891)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17896)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Mageia: Security Advisory (MGASA-2024-0116)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...