9 matches found
Sentrifugo Code Issue Vulnerability
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A security vulnerability exists in Sentrifugo version 3.2, which is caused by a user being able to upload images unde...
CVE-2020-26803
In Sentrifugo 3.2, users can upload an image under "Assets - Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server...
DomainMOD cross-site scripting vulnerability (CNVD-2019-07965)
DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. DomainMOD 4.11.01 suffers from a cross-site scripting vulnerability that can be exploited by an attacker via the assets/add/category.php Category Name or Stakeholder fields...
CVE-2018-20011
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...
CVE-2018-20011
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...
CVE-2018-19914
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field...
CVE-2018-19752
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar...
Code injection
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
CVE-2017-14498
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...