python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Summary: parse_options_header parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename*=charset'lang'value, name*=..., and the filename*0/filename*1 continuation form is decoded and surfaced...
The vulnerability of the New Activity Handler component in the virtual learning environment Moodle, which allows a perpetrator to execute arbitrary code.
The vulnerability of the New Activity Handler component in the virtual learning environment Moodle is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the Field Name...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper validation of user input in the "Field Name" parameter associated with a new activity, which allows an attacker to perform XSS attacks...
Moodle CMS Cross-Site Scripting Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle CMS version v3.10, which originates from a vulnerability that allows remote...
The vulnerability in the “classes/Master.php?f=save_field” script of the CMS system’s administration panel for the Mobile Comparison Website allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the classes/Master.php?f=save_field script of the CMS system’s administration panel for the Mobile Comparison Website is related to insufficient protection of the website structure when processing the Field Name argument. Exploiting this vulnerability allows an attacker to...
Simple Mobile Comparison Website Cross-Site Scripting Vulnerability
Simple Mobile Comparison Website is a mobile comparison website by the individual developer Carlo Montero. It allows users to compare the specifications of smartphones. A cross-site scripting vulnerability exists in version 1.0 of Simple Mobile Comparison Website, which stems from cross-site scripting...
GHSA-XXM6-FF3X-V4VM thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the category field name parameter. This has been fixed in 3.1.12...
CVE-2022-36272
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter...
MingSoft MCMS SQL Injection Vulnerability
MingSoft MCMS is a complete open source J2EE system from China's MingSoft. A SQL injection vulnerability exists in MingSoft MCMS version 5.2.8, which originates from an attacker being able to exploit the fieldName parameter of its /mdiy/page/verify URI component to achieve SQL injection...
dotCMS Arbitrary File Upload Vulnerability
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features on. An arbitrary file upload vulnerability exists in the com/dotmarketing/servlets/AjaxFileUploadServlet.class file in...
OcProducts OcPortal 'FIELD_NAME' Parameter Cross-Site Scripting Vulnerability
OcProducts ocPortal is an open source PHP and MySQL based Content Management System (CMS) from OcProducts. A cross-site scripting vulnerability exists in OcProducts OcPortal. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch...
CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...