7210 matches found
Design/Logic Flaw
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...
CVE-2019-8363
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...
CVE-2019-8363
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...
CVE-2019-8363
The CVE-2019-8363 issue affects Verydows 2.0. An XSS vulnerability exists via the index.php?c=main a parameter, demonstrated with a=index[XSS] value. The NVD description confirms this vector and the impact includes reflected/console-like injection in the parameter handling, with CVSS2/3 base scor...
Cross site scripting
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=XSS...
CVE-2019-8334
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=XSS...
CVE-2019-8335
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=XSS...
CVE-2019-8334
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=XSS...
CVE-2019-8335
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=XSS...
CVE-2019-8334
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=XSS...
CVE-2019-8334
CVE-2019-8334 affects SchoolCMS 2.3.1 . A cross-site scripting (XSS) flaw is present via the vulnerable request: index.php?a=Index&c=Channel&m=Home&viewid=[XSS], which could lead to injection of arbitrary script when a user loads the affected page. The primary description in the CVE notes an XSS ...
Design/Logic Flaw
Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter...
CVE-2019-7753
The connected documents confirm CVE-2019-7753 applies to Verydows 2.0, with an XSS vulnerability exposed via the index.php?m=api&c=stats&a=count referrer parameter. Red Hat and NVD entries corroborate this issue, describing an input/referrer parameter that can inject scripts. No public exploit de...
CVE-2019-7737
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...
CVE-2019-7737
Verydows v2.0 is affected by a CSRF vulnerability that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. The issue is documented in CVE-2019-7737 with NVD metrics indicating high impact (C/H/I/A) and network attack vector, requiring no authentication. Connected sources c...
CVE-2019-7721
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...
CVE-2019-7721
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...
Sql injection
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request...
CVE-2019-7568
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request...
CVE-2019-7568
The CVE-2019-7568 issue affects baijiacms V4. It describes a time-based blind SQL injection in the cate parameter exposed through index.php?act=index, enabling data retrieval from the database. The NVD record lists a high/critical risk profile (CVSS v2 base 7.5, CVSS v3 base 9.8) indicating netwo...