Lucene search
47 matches found

SUSE CVE
added 2023/02/15 6:1 a.m. · 2 views

SUSE CVE-2009-5026

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments...

6.8 CVSS · 8.2 AI score · 0.07757 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 5:15 a.m. · 2 views

SUSE CVE-2015-5667

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6 CVSS · 5.6 AI score · 0.02092 EPSS
Exploits 0 · References 3
Huntr
added 2023/02/13 4:47 a.m. · 22 views

Broken access control - Someone still can comment in unactive FAQ NEWS

Description when a NEWS FAQ turns on the comments feature and disables post like this settings. Screenshot https://imgur.com/a/9UY4QRf if you create a FAQ news with those settings and view the post, you will notice that the comment section is disabled Screenshot https://imgur.com/a/rY6zJt9 Proof ...

5.5 CVSS · 5.5 AI score · 0.00492 EPSS
Exploits 1
Positive Technologies
added 2022/11/22 12:0 a.m. · 3 views

PT-2022-26248 · Unknown · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.23.0. Description: A stored cross-site scripting (XSS) issue was found in Backdrop CMS. The issue is related to the 'Comment' feature, allowing for potential XSS attacks. Recommendations: For Backdrop CMS version 1.23.0,...

4.8 CVSS · 5.2 AI score · 0.00774 EPSS
Exploits 1 · References 10
CNNVD
added 2021/09/27 12:0 a.m. · 3 views

PortlandLabs Concrete Cms Cross-Site Scripting Vulnerability

PortlandLabs Concrete Cms is a team-oriented open source content management system from PortlandLabs of the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS that stems from the failure of the website field of the product's podcast comment feature to properly...

6.1 CVSS · 6.2 AI score · 0.0063 EPSS
Exploits 0 · References 2
Prion
added 2020/10/02 9:15 a.m. · 11 views

Design/Logic Flaw

An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board...

4.3 CVSS · 6 AI score · 0.0122 EPSS
Exploits 2 · References 5 · Affected Software 1
Cvelist
added 2020/10/02 8:15 a.m. · 17 views

CVE-2020-14294

An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board...

6 AI score · 0.0122 EPSS
Exploits 2 · References 5
0day.today
added 2020/04/14 12:0 a.m. · 22 views

WSO2 3.1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory:...

7.4 AI score
Exploits 0
Cvelist
added 2019/08/22 7:41 p.m. · 15 views

CVE-2014-10382

The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment...

4.8 AI score · 0.005 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2015/11/04 12:0 a.m. · 35 views

Debian DLA-339-1 : libhtml-scrubber-perl security update

HTML::Scrubber is vulnerable to a cross-site scripting (XSS) vulnerability when the comment feature is enabled. It allows remote attackers to inject arbitrary web script or HTML via a crafted comment. For Debian 6 (squeeze), this has been fixed in libhtml-scrubber-perl version 0.08-4+deb6u1. Cheers,...

2.6 CVSS · 5.2 AI score · 0.02092 EPSS
Exploits 0 · References 3
UbuntuCve
added 2015/10/31 4:59 a.m. · 18 views

CVE-2015-5667

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6 CVSS · 6 AI score · 0.02092 EPSS
Exploits 0 · References 4
OSV
added 2015/10/31 4:59 a.m. · 0 views

DEBIAN-CVE-2015-5667

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6 CVSS · 5.6 AI score · 0.02092 EPSS
Exploits 0 · References 1
NVD
added 2015/10/31 4:59 a.m. · 7 views

CVE-2015-5667

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6 CVSS · 5.4 AI score · 0.02092 EPSS
Exploits 0 · References 6
Debian CVE
added 2015/10/31 1:0 a.m. · 23 views

CVE-2015-5667

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6 CVSS · 5.4 AI score · 0.02092 EPSS
Exploits 0
NVD
added 2014/10/10 1:55 a.m. · 11 views

CVE-2014-7226

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols...

7.5 CVSS · 7.6 AI score · 0.09185 EPSS
Exploits 5 · References 4
Prion
added 2014/10/10 1:55 a.m. · 17 views

Design/Logic Flaw

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols...

7.5 CVSS · 8.2 AI score · 0.09185 EPSS
Exploits 5 · References 4 · Affected Software 1
Cvelist
added 2014/10/10 1:0 a.m. · 17 views

CVE-2014-7226

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols...

7.5 AI score · 0.09185 EPSS
Exploits 5 · References 4
exploitpack
added 2014/10/02 12:0 a.m. · 41 views

Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution. HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Lin...

7.5 CVSS · 0.4 AI score · 0.09185 EPSS
Exploits 5
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Diigo Toolbar and Diigolet Comment Feature - HTML Injection and Information Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/29611/info Diigo Toolbar and Diigolet are prone to an HTML-injection vulnerability and an information-disclosure vulnerability when handling data via the 'comment' feature. An attacker can exploit the HTML-injection issue...

7.1 AI score
Exploits 0
ATTACKERKB
added 2012/08/17 12:55 a.m. · 1 views

CVE-2009-5026

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments...

6.8 CVSS · 6.3 AI score · 0.07757 EPSS
Exploits 1 · References 8