CVE-2018-20601

UCMS 1.4.7 is affected by a Cross‑Site Scripting (XSS) flaw in the description parameter used by the index.php list_editpost action. The root cause, as described across sources, is unescaped or insufficiently sanitized input in the description field that can be reflected in the rendered page. Thi...

CVE-2018-20600

CVE-2018-20600 affects UCMS 1.4.7 where sadmin\cedit.php is vulnerable to cross-site scripting via the index.php sadmin_cedit action. The vulnerability allows injection of arbitrary web script or HTML, with the CVSS 3.0/2.0 metrics indicating network access, no authentication, user interaction re...

CVE-2018-20597

UCMS 1.4.7 is affected by a cross-site scripting (XSS) vulnerability caused by unsafely handling the dir parameter in the sadmin_fileedit action of index.php. The issue allows injection of arbitrary HTML/JavaScript in user-visible pages. No exploits or practical in-the-wild details are provided i...

CVE-2018-20597

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...

CVE-2018-20568

Administrator/index.php in Ivan Cordoba Generic Content Management System CMS through 2018-04-28 allows SQL injection for authentication bypass...

CVE-2018-20572

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...

CVE-2018-20572

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...

CVE-2018-20572

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...

CVE-2018-20569

The CVE-2018-20569 entry applies to the Ivan Cordoba Generic Content Management System (CMS) and concerns a SQL injection vulnerability in the file user/index.php up to 2018-04-28. The root cause is improper input handling in the authentication logic, enabling a bypass of authentication. If explo...

CVE-2018-20418

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab...

CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

Cross site scripting

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

CVE-2018-1000846

FreshDNS

CVE-2018-1000848

CVE-2018-1000848 refers to a Cross Site Scripting (XSS) vulnerability in WampServer when using versions prior to 3.1.5. The issue affects the local index.php page and can be triggered by a payload via an onmouseover event, enabling potential script execution in a victim’s browser. The vulnerabili...

Integria IMS 5.0.83 - search_string Cross-Site Scripting

Integria IMS 5.0.83 - searchstring Cross-Site Scripting Exploit Title: Integria IMS 5.0.83 - Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-12-18 Google Dork: N/A Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected...

CVE-2018-16636

Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter...

Design/Logic Flaw

Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter...

Input validation

PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI...

CVE-2018-20012

PHPCMF 4.1.3 is affected by an XSS vulnerability reachable through the first input field of index.php?s=member&c=register&m=index. The issue allows injection of script via the input and could impact users loading the page. No remediation details are provided in the supplied documents.