17 matches found

EUVD
added 2025/10/03 8:7 p.m., views: 1

EUVD-2022-4857

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00206
Exploits: 1, References: 2

OSV
added 2022/05/24 4:58 p.m., views: 8

GHSA-9P7Q-V9GP-FRQ4 Dolibarr Cross-site Scripting vulnerability

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVSS 5.4, AI score 5.3, EPSS 0.00313
Exploits: 1, References: 3

OSV
added 2022/05/13 1:31 a.m., views: 10

GHSA-PXXP-283V-XPQ5 Stored XSS in LavaLite 5.5

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit...

CVSS 5.4, AI score 5.1, EPSS 0.00206
Exploits: 1, References: 2

Github Security Blog
added 2022/05/13 1:31 a.m., views: 16

Stored XSS in LavaLite 5.5

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit...

CVSS 5.4, AI score 6.3, EPSS 0.00206
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2019/02/17 6:0 p.m., views: 32

CVE-2019-8407

HongCMS 3.0.0 is affected by CVE-2019-8407 due to a path traversal in the filename parameter of admin/index.php/language/edit, allowing arbitrary file read and write. The underlying cause is improper handling of "../" in the filename, enabling access to sensitive files. Impact: partial confidenti...

CVSS 6.5, AI score 6.4, EPSS 0.00497
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/11/05 9:29 a.m., views: 15

CVE-2018-18943

An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the dataUploaderCategoryname parameter to an admin/uploader/uploadercategories/edit URI...

CVSS 4.8, AI score 5.8
Exploits: 0, References: 2

NVD
added 2018/09/05 10:29 p.m., views: 7

CVE-2018-16551

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit...

CVSS 5.4, AI score 5.2, EPSS 0.00206
Exploits: 1, References: 1

Prion
added 2018/09/05 10:29 p.m., views: 10

Design/Logic Flaw

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit...

CVSS 3.5, AI score 5.1, EPSS 0.00206
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/09/05 10:29 p.m., views: 13

CVE-2018-16551

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit...

CVSS 5.4, AI score 5.7
Exploits: 0, References: 1

CVE
added 2018/09/05 10:0 p.m., views: 34

CVE-2018-16551

CVE-2018-16551 affects LavaLite 5.5 and describes a cross-site scripting (XSS) vulnerability in the /edit URI, demonstrated by examples such as client/job/job/Zy8PWBekrJ/edit. The connected documents confirm the vulnerable component and the entry point, but do not provide concrete details on the ...

CVSS 5.4, AI score 5.1, EPSS 0.00206
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/09/05 10:0 p.m., views: 9

CVE-2018-16551

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit...

AI score 5.2, EPSS 0.00206
Exploits: 1, References: 1

CNVD
added 2018/07/02 12:0 a.m., views: 1

WSTMall Cross-Site Request Forgery Vulnerability

WSTMall is an open source O2O e-commerce system developed using ThinkPHP framework and supporting multiple users. A cross-site request forgery vulnerability exists in WSTMall version 1.9.1170316. A remote attacker can add user accounts with the help of index.php?m=Admin&c=Users&a=edit URI to...

CVSS 8.8, AI score 8.9, EPSS 0.00166
Exploits: 1, References: 1

CNVD
added 2018/06/14 12:0 a.m., views: 2

Ximdex cross-site scripting vulnerability (CNVD-2018-14422)

Ximdex is a content and data management system. The system includes features such as an intelligent search engine, information aggregation, image and text recognition, etc. The DMS component is one of the data management components. A cross-site scripting vulnerability exists in the /edit URI of...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 1, References: 1

OSV
added 2018/06/13 1:29 p.m., views: 6

CVE-2018-12273

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter...

CVSS 6.1, AI score 6.1
Exploits: 0, References: 1

Prion
added 2018/06/13 1:29 p.m., views: 12

Cross site scripting

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter...

CVSS 4.3, AI score 6, EPSS 0.0024
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2018/05/08 12:0 a.m., views: 1

Datenstrom Yellow Cross-Site Request Forgery Vulnerability

Datenstrom Yellow is a system for creating small websites, blogs and wikis. A cross-site request forgery vulnerability exists in the edit/ URI in Datenstrom Yellow version 0.7.3. A remote attacker could exploit this vulnerability to delete articles...

CVSS 6.5, AI score 6.9, EPSS 0.00098
Exploits: 2, References: 1

OSV
added 2018/05/05 7:29 p.m., views: 1

CVE-2018-10758

The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1