313 matches found
Design/Logic Flaw
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...
CVE-2018-15843
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field...
CVE-2018-15843
GetSimple CMS 3.3.14 is vulnerable to Cross-Site Scripting (XSS) through the admin/edit.php “Add New Page” field. The CNVD entry attributes the issue to inadequate filtering of the Add New Page input in GetSimple CMS 3.3.14, enabling a remote attacker to inject arbitrary web script or HTML. The C...
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
Exploit Title: KomSeo Cart 1.3 - 'edit.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: SITEMAKIN Vendor Homepage: https://sitemakin.com Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to inject...
NewsBee CMS 1.4 - home-text-edit.php SQL Injection
NewsBee CMS 1.4 - home-text-edit.php SQL Injection Exploit Title: NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/194049...
Design/Logic Flaw
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter...
CVE-2018-10296
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter...
Cross site request forgery (csrf)
Readymade Video Sharing Script has CSRF via user-profile-edit.php...
CVE-2017-17893
Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...
CVE-2017-17893
The following CVE concerns the Readymade Video Sharing Script (PHP Scripts Mall). It has a stored/reflected Cross‑Site Scripting (XSS) vulnerability exploitable via user input parameters: search_video.php using the search parameter, viewsubs.php using the chnlid parameter, and user-profile-edit.p...
CVE-2017-17891
CVE-2017-17891 affects Readymade Video Sharing Script. The vulnerability is a cross-site request forgery (CSRF) in the user-profile-edit.php endpoint. According to CNVD-2018-01938 and corroborating sources, a remote attacker can lure a logged‑in user to trigger changes to sensitive settings via t...
Design/Logic Flaw
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter...
CVE-2011-4334
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter...
selfserve.airpush.com XSS vulnerability
Vulnerable URL: http://selfserve.airpush.com/edit.php?template=javascript:alert/OPENBUGBOUNTY/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 06.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
Open Redirect
WordPress is vulnerable to open redirect attacks. It is possible because the library does not properly validate the external URL in wphttpreferer in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, allowing attackers to redirect users to a different website...
CVE-2017-14725
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...
Open redirect
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...