2 matches found
Cross-site Scripting (XSS)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Comment.insert function that that lacks sanitization for stored HTML. An attacker can execute arbitrary JavaScript code in the context of the user's browser by submitting crafted input...
Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23893)
Fiyo CMS is a content management system CMS for creating CMS templates. A SQL injection vulnerability exists in the /apps/appcomment/controller/insert.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'name'...