7210 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in xujinliang zibbs 1.0 allows attackers to execute arbitrary code via the route parameter to index.php...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the index.php USERNAME parameter...
SQL Injection in flatcore/flatcore-cms
Pre-Auth SQL injection. Description: flatCore-CMS is vulnerable to a variable-overwrite vulnerability, leading to a Pre-Auth SQL injection in index.php. Source code (1) at index.php L41: $fcprefs = fcgetpreferences; $languagePack = $fcprefs'prefsdefaultlanguage'; $SESSION'fcadminhelpers' = array; ...
CVE-2020-21649
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql method...
CVE-2020-21653
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj method...
CVE-2020-21653
CVE-2020-21653 affects Myucms v2.2.1, where a server-side request forgery (SSRF) exists in the component \controller\index.php, exploitable via the sj() method. The vulnerability is triggered in the server-side code path and can impact confidentiality and integrity (per CVSS 3.1: High impact on c...
CVE-2020-21649
Myucms v2.2.1 contains a server-side request forgery (SSRF) vulnerability in the component \controller\index.php, exploitable via the sql() method. Affected product: Myucms. Root cause: SSRF in the controller/index.php area. Impact details are not expanded beyond SSRF susceptibility in the provid...
CVE-2020-21503
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free...
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...
CVE-2021-39433
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user...
CVE-2021-40923
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the email parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the email parameter...
CVE-2021-40928
CVE-2021-40928 is an XSS vulnerability in the development version of FlexTV (index.php) exploitable via the PHP_SELF parameter. The issue arises from unsanitized input in index.php, enabling remote attackers to inject arbitrary web script or HTML. Impact details in the documents indicate a relati...
CVE-2021-40924
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...
CVE-2021-40923
The CVE-2021-40923 entry describes a Cross-site Scripting (XSS) vulnerability in the Bugs open-source defect tracking system, specifically install/index.php for Bugs 1.8 and earlier. The issue arises from the email parameter, allowing remote attackers to inject arbitrary web script or HTML. Conne...
CVE-2021-40922
CVE-2021-40922 is a cross-site scripting (XSS) vulnerability affecting the open source defect-tracking system Bugs/Tinyissue in versions 1.8 and earlier, exploitable via the last_name parameter in install/index.php. The root cause is improper input handling in that endpoint, enabling remote atta...
CVE-2021-40922
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter...
UCMS cross-site scripting vulnerability
UCMS is a content management system written in PHP. A security vulnerability exists in UCMS, which originates from a stored cross-site scripting (XSS) vulnerability in ucms index.php. An attacker can exploit this vulnerability to execute client-side code...
CVE-2020-20124
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php...