
8767 matches found

Prion
added 2021/10/22 8:15 p.m., 18 views

Cross site scripting

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the filename, mid, userid, and templet parameters...

CVSS 4.3, AI score 6.1, EPSS 0.008
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/10/22 7:20 p.m., 17 views

CVE-2020-23037

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

AI score 9.3, EPSS 0.01435
Exploits: 1, References: 1
Cvelist
added 2021/10/22 7:20 p.m., 20 views

CVE-2020-23044

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...

AI score 5.5, EPSS 0.00562
Exploits: 1, References: 1
Cvelist
added 2021/10/22 7:20 p.m., 12 views

CVE-2020-36485

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file...

AI score 7.9, EPSS 0.00453
Exploits: 1, References: 1
Cvelist
added 2021/10/22 7:20 p.m., 18 views

CVE-2020-36491

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tagsmain.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...

AI score 5.5, EPSS 0.00562
Exploits: 1, References: 1
Cvelist
added 2021/10/22 7:20 p.m., 22 views

CVE-2020-36492

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component selectmedia.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...

AI score 5.5, EPSS 0.00562
Exploits: 1, References: 1
Cvelist
added 2021/10/22 7:19 p.m., 17 views

CVE-2020-36495

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component filemanageview.php via the filename, mid, userid, and templet parameters...

AI score 6.2, EPSS 0.008
Exploits: 1, References: 1
CVE
added 2021/10/22 7:19 p.m., 54 views

CVE-2020-36497

DedeCMS v7.5 SP2 contains multiple XSS vulnerabilities in the makehtml_homepage.php component, exploitable via the filename, mid, userid, and templet parameters. The CVE-2020-36497 entries across NVD/Red Hat/CNVD/CVE record confirm cross-site scripting weaknesses in this version. The connected so...

CVSS 6.1, AI score 6.1, EPSS 0.008
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/10/22 12:0 a.m., 2 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

CVSS 6.1, AI score 5.3, EPSS 0.008
Exploits: 1, References: 1
CNNVD
added 2021/10/22 12:0 a.m., 2 views

Portable Ltd Playable code injection vulnerability

Portable Ltd Playable is a Full HD media player for PC from Portable Ltd, UK. Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter. An attacker could use this vulnerability...

CVSS 9.8, AI score 8.8, EPSS 0.01435
Exploits: 1, References: 2
CNNVD
added 2021/10/22 12:0 a.m., 1 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. A cross-site scripting vulnerability exists in DedeCMS version 7.5 SP2, which can be exploited to inject malicious script code via th...

CVSS 6.1, AI score 5.3, EPSS 0.008
Exploits: 1, References: 1
CNNVD
added 2021/10/22 12:0 a.m., 4 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...

CVSS 5.4, AI score 5.3, EPSS 0.00562
Exploits: 1, References: 1
CNNVD
added 2021/10/22 12:0 a.m., 3 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...

CVSS 5.4, AI score 5.3, EPSS 0.00562
Exploits: 1, References: 1
CNNVD
added 2021/10/22 12:0 a.m., 2 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

CVSS 6.1, AI score 5.3, EPSS 0.008
Exploits: 1, References: 1
CNNVD
added 2021/10/22 12:0 a.m., 1 views

Portable Ltd Playable code problem vulnerability

Portable Ltd Playable is a Full HD media player for PC from Portable Ltd, UK. A security vulnerability exists in Portable Playable v9.18, which stems from a lack of effective filtering and restriction in the filename parameter of the software's upload module. The vulnerability allows an attacker ...

CVSS 7.8, AI score 7.9, EPSS 0.00453
Exploits: 1, References: 2
CNNVD
added 2021/10/22 12:0 a.m., 2 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

CVSS 6.1, AI score 5.3, EPSS 0.008
Exploits: 1, References: 2
CNNVD
added 2021/10/22 12:0 a.m., 2 views

Desdev DedeCMS cross-site scripting vulnerability

DedeCMS (Dream Weaving Content Management System) is a simple, robust, flexible, open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

CVSS 6.1, AI score 5.3, EPSS 0.008
Exploits: 1, References: 1
OSV
added 2021/10/21 4:15 p.m., 2 views

DEBIAN-CVE-2020-27304

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled...

CVSS 9.8, AI score 6.9, EPSS 0.03138
Exploits: 1, References: 1
Prion
added 2021/10/21 4:15 p.m., 22 views

Directory traversal

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled...

CVSS 7.5, AI score 9.3, EPSS 0.03138
Exploits: 1, References: 4, Affected Software: 2
Hacker One
added 2021/10/21 4:8 p.m., 15 views

Evernote: 2 click Remote Code execution in Evernote Android

This vulnerability is similar to my previously reported vulnerability 1362313; here also the weakness is a path traversal vulnerability which helps me to achieve code execution, but the root cause is different. Some part of this app is written in Java and some parts are written in React Native. In...

AI score 0.8
Exploits: 0