49 matches found
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencycreate.php page. An attacker coul...
GHSA-GHF6-2F42-MJH9 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Impact In XWiki, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution...
CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...
CVE-2023-45134 XWiki Platform XSS vulnerability from account in the create page form via template provider
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows an attacker to arbitrarily create a page...
Cross Site Scripting(XSS)
intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists because create page functionality of admin account which allows a malicious attacker to inject and execute arbitrary javascript...
CVE-2021-43724
A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...
CVE-2021-43724
A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...
Cross site scripting
A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...
CVE-2021-43724
A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...
in marcoax/magutticms
Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...
CVE-2021-27338
Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter...
CVE-2020-21088
Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...
WebsiteBaker 2.12.2 - Remote Code Execution
Exploit Title: WebsiteBaker 2.12.2 - Remote Code Execution Date: 2020-07-04 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/downloads Version: 2.12.2 Tested on: Windows 10 and Ubuntu...
LUYA CMS Cross-Site Scripting Vulnerability
LUYA CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in LUYA CMS version 1.0.12. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via /admin/api-cms-nav/create-page...
CVE-2018-18259
Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...
Cross site scripting
Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...
LEPTON 2.2.2 - SQL Injection
LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL...
purlsoho.com XSS vulnerability
Vulnerable URL: http://www.purlsoho.com/create/?s="'--; Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 51879 Google Pagerank| 4 VIP website status:| No Check purlsoho.com SSL...
Cannot create page/s using "Create Page" Button
We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain Jira, Confluence, Bamboo, Stash within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...