Cross site scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-38334 WP Design Maps & Places <= 1.2 Reflected Cross-Site Scripting
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
CVE-2021-38136
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snapfile parameter in the /it-IT/splunkd/raw/services/getsnapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host...
CVE-2020-23715
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download...
Directory traversal
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download...
CVE-2020-20444
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/viewsource.php' which "could" lead to RCE vulnerability...
Security feature bypass
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/viewsource.php' which "could" lead to RCE vulnerability...
PT-2021-3440 · Jact · Openclinic
Name of the Vulnerable Software and Affected Versions: Jact OpenClinic version 0.8.20160412. Description: The issue is related to errors in authorization in the shared/viewsource.php component of the OpenClinic software for managing medical records. An attacker, acting remotely, can exploit this...
Jact OpenClinic Security Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in Jact OpenClinic version 0.8.20160412, which could lead to an RCE vulnerability if an attacker logs in...
LocalFilesEditor Data Forgery Vulnerability
LocalFilesEditor is a software application. Photobooth software for the web, built by an active community of users and developers. A security vulnerability exists in the LocalFilesEditor extension prior to version 11.4.0.1, which stems from a file parameter not being validated by proper regular...
Local File Inclusion
Overview: pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Local File Inclusion. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class...
PT-2021-11898 · Unknown · Seat Reservation System
Name of the Vulnerable Software and Affected Versions: Seat-Reservation-System version 1.0. Description: The issue is related to a SQL injection vulnerability in the index.php file, specifically affecting the id and file parameters. This allows attackers to obtain sensitive database information...
PT-2021-2306 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier. Description: The issue is related to a Reflected Cross-site Scripting vulnerability via the file parameter. Successful exploitation...
CVE-2020-19360
Local file inclusion in FHEM 6.0 via the file parameter of fhem/FileLog_logWrapper can allow an attacker to include a file, which can lead to sensitive information disclosure...
CVE-2020-19360
Affected software: FHEM 6.0. Vulnerability: Local File Inclusion via the fhem/FileLog_logWrapper parameter, per multiple sources (NVD/Nuclei/RH/CNVD). Impact: potential sensitive information disclosure by reading arbitrary files on the target. Technical details: documented as LFI; CVSS3.1 score 7...