941 matches found
CVE-2021-38334
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. The WordPress plugin WP Design Maps & Places...
WP Design Maps & Places <= 1.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts...
Eyoucms Path Traversal Vulnerability
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from a lack of input data validation for the tpldir, filename, type, and nid parameters. An attacker could use this...
EyouCms Cross-Site Scripting Vulnerability
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from the lack of validation of input data in Eyoucms. An attacker could use this vulnerability to inject malicious cod...
CVE-2021-38611
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...
NASCENT RemKon Device Manager Command Injection Vulnerability
NASCENT RemKon Device Manager is a NASCENT web application that is deployed in logistics centers as a single management platform for managing various settings and configurations for Automatic Gate Systems (AGS) and other Nascent products. A security vulnerability in NASCENT RemKon Device Manager...
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
SQL injection
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
Gxlcms SQL Injection Vulnerability
Gxlcms is an enterprise website creation system by the Gxlcms team. Gxlcms suffers from a SQL injection vulnerability that originates from the $filename parameter in \lib\admin\action\dataaction.class.php...
CVE-2021-36654
CMSuno 1.7 (and earlier) is affected by an authenticated stored cross-site scripting (XSS) vulnerability. The flaw occurs in the theme update flow when the attacker can modify the filename parameter (tgo) during a template image name submission, injecting payloads via the tgo parameter to trigger...
CVE-2021-36654
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter tgo while updating the theme...
CMSUno Cross-Site Scripting Vulnerability
CMSUno is a tool for creating single-page responsive websites by the French individual developer Jacques Malgrange. A cross-site scripting vulnerability exists in CMSuno version 1.7, which can be exploited by an authenticated attacker by modifying the filename parameter tgo...
CVE-2021-30119
Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request:...
Dotcms dotCMS Cross-Site Scripting Vulnerability
dotcms is a powerful Content Management System (CMS) developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...
WordPress Path Traversal Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in WordPress Plugin CM Download Manager, which can be...
VulnCheck KEV: CVE-2018-9118
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...
CVE-2021-26596
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...