7210 matches found
CVE-2019-16310
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI...
CVE-2019-16312
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter...
Design/Logic Flaw
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter...
Design/Logic Flaw
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI...
Cross-site request forgery (CSRF)
NIUSHOP V1.11 has CSRF via search_info to index.php...
CVE-2019-16310
CVE-2019-16310 affects NIUSHOP V1.11 with an XSS vulnerability via the index.php?s=/admin URI. The connected records do not provide payloads, affected sub-versions beyond V1.11, remediation steps, or explicit exploit details. CVSS metrics are provided (NVD CVSSv2 base 3.5, CVSSv3.1 base 5.4). Act...
CVE-2019-16311
NIUSHOP V1.11 has CSRF via search_info to index.php...
CVE-2019-16311
CVE-2019-16311: NIUSHOP V1.11 has a CSRF vulnerability via search_info to index.php. The connected sources cite a high-severity issue (CVSSv3.1 base score 8.8) with network access and required user interaction, but no exploitation details are provided in the documents.
CVE-2019-16312
CVE-2019-16312 affects s-cms v3.0 with a stored/reflected XSS in index.php?type=text via the S_id parameter. The Red Hat and NVD entries confirm the same description; public details are limited to the XSS path and parameter, with no explicit exploitation vectors or patched versions provided in th...
CVE-2019-10687
KBPublisher 6.0.2.1 contains SQL injection vulnerabilities in multiple entry points: admin/index.php?module=report&entry_id[0] and admin/index.php?module=log&id, as well as index.php?View=print&id[] (and related POST parameters). Some sources note the issue affects both admin and public (unauthen...
CVE-2019-15132
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of...
CVE-2019-14968
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action...
SQL injection
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action...
SQL injection
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter...
CVE-2019-14754
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter...