105 matches found
[SECURITY] Fedora 36 Update: drupal7-link-1.11-1.fc36
The link module can be count to the top 50 modules in Drupal installations and provides a standard custom content field for links. With this module links can be added easily to any content types and profiles and include advanced validating and different ways of storing internal or external links...
[SECURITY] Fedora 37 Update: drupal7-link-1.11-1.fc37
The link module can be count to the top 50 modules in Drupal installations and provides a standard custom content field for links. With this module links can be added easily to any content types and profiles and include advanced validating and different ways of storing internal or external links...
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...
ZKTeco ZKBio Time 安全漏洞
A cross-site scripting vulnerability exists in ZKTeco ZKBio Time version 8.0.7, which originates from the "Content" text field of the "Add New Message" module. Content" text field of the "Add New Message" module lacks effective filtering and escaping of user-supplied data, which can be exploited ...
Shimo Document 跨站脚本漏洞
Wuhan Chuxin Technology Shimo Document is an online document editing and processing tool from Wuhan Chuxin Technology, China. A security vulnerability exists in Shimo Document version v2.0.1, which can be exploited by an attacker to execute arbitrary web script or HTML via a specially crafted loa...
HTMLy Cross-Site Scripting Vulnerability (CNVD-2021-94954)
htmly is a simple and fast database-free PHP blogging platform and flat file CMS. htmly version 2.8.1 has a vulnerability in the "content" field of the "regular post" page in the "add content" menu of the dashboard. field of the "add content" menu in the dashboard is vulnerable to a stored...
CVE-2020-23219
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module...
Monstra CMS 代码注入漏洞
Monstra is a lightweight content management system CMS. A remote code execution vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to execute arbitrary code via the "Snippet content" field under the "Edit Snippet" module...
CVE-2020-19618
Cross Site Scripting XSS vulnerability in mblog 3.5 via the post content field to /post/editing...
CVE-2020-19618
Cross Site Scripting XSS vulnerability in mblog 3.5 via the post content field to /post/editing...
Cross site scripting
Cross Site Scripting XSS vulnerability in mblog 3.5 via the post content field to /post/editing...
CVE-2020-19618
Cross Site Scripting XSS vulnerability in mblog 3.5 via the post content field to /post/editing...
langhsu mblog 跨站脚本漏洞
Mblog is an open source Java blog system , support for multi-user , support for switching themes. Mblog 3.5 has a cross-site scripting vulnerability , the vulnerability stems from post editing via the post content field . An attacker can use this vulnerability to inject arbitrary Web script or HT...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser by placing it in the “All Content”...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser by placing it in the “Card Content”...
[SECURITY] Fedora 28 Update: drupal7-link-1.6-1.fc28
The link module can be count to the top 50 modules in Drupal installations and provides a standard custom content field for links. With this module links can be added easily to any content types and profiles and include advanced validating and different ways of storing internal or external links...
Chamilo LMS 1.11.8 - Cross-Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-05 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS: Kali Linux...
CVE-2018-16773
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field...
CVE-2018-16773
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field...
Cross site scripting
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field...