CVE-2023-43875

Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

CVE-2023-41601

Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CVE-2023-41601

Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CSZ CMS Cross-Site Scripting Vulnerability

CSZ CMS is a PHP-based open source content management system CMS. A security vulnerability exists in CSZ CMS v1.3.0, which stems from multiple cross-site scripting XSS vulnerabilities in install/index.php that allow attackers to execute arbitrary web script or HTML with a crafted payload via the...

PT-2023-27994 · Csz Cms · Csz Cms

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...

SUSE CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

Cross site scripting

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

UBUNTU-CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

CVE-2020-18670

CVE-2020-18670 affects Roundcube Webmail with stored XSS in /installer/test.php via database host/user input. Publicly documented impact is XSS vulnerability in Roundcube 1.3.x/LTS releases, with openSUSE advisories noting a fix by upgrading to Roundcube 1.3.16 (security update openSUSE-SU-2021:1...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

tinyissue and Pixeline Bugs Code Injection Vulnerabilities

tinyissue is a defect tracking system. pixeline Bugs is a branch of tinyissue. A code injection vulnerability exists in the install/config-setup.php file in tinyissue version 1.3.1 and pixeline Bugs version 1.3.2c and earlier, which can be exploited to execute arbitrary PHP code with the...

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...

PT-2012-1989 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The installation component in WordPress does not ensure that the specified MySQL database service is appropriate, allowing remote attackers to configure an arbitrary database via the dbhost an...

CVE-2008-1386

Multiple cross-site scripting XSS vulnerabilities in the installer in Serendipity S9Y 1.3 allow remote attackers to inject arbitrary web script or HTML via 1 unspecified path fields or 2 the database host field. NOTE: the timing window for exploitation of this issue might be limited...