7210 matches found
CVE-2015-6497
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...
CVE-2011-3202
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier...
CVE-2019-20224
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742...
CVE-2020-5307
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...
CVE-2020-5307
CVE-2020-5307 concerns PHPGurukul Dairy Farm Shop Management System 1.0 and is documented to be vulnerable to SQL injection. The affected components include index.php (username parameter), add-category.php (CategoryCode and category), add-company.php (CompanyName), and add-product.php (ProductNam...
CVE-2013-1642
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems, or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php...
CVE-2013-7351
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks...
Cross site request forgery (csrf)
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request...
CVE-2012-1160
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php...
CVE-2019-14928
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to...