7210 matches found
CVE-2018-11670
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect...
Cross site scripting
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter...
CVE-2018-11558
CVE-2018-11558 is a stored XSS vulnerability in DomainMod 4.10.0, exploiting the new_first_name parameter in the "/settings/profile/index.php" page. The connected documents consistently describe the issue as a cross-site scripting flaw affecting DomainMod 4.10.0, with multiple sources naming the ...
CVE-2018-11559
DomainMod 4.10.0 is affected by a Stored XSS in the profile settings endpoint (/settings/profile/index.php) via the new_last_name parameter. Root cause: persistent injection in the user profile handling leading to script execution when viewed. Impact is limited to what the XSS allows per the sour...
CVE-2018-11493
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add...
CVE-2018-11493
WUZHI CMS 4.1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. The issue is documented under CVE-2018-11493. Connected sources confirm the affected software/version and the specific vulnerable endpoint. The exist...
juwelier-petersen.de XSS vulnerability
Open Bug Bounty ID: OBB-620002

Description| Value
---|---
Affected Website:| juwelier-petersen.de
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

forum-tc.msi.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-617657

Description| Value
---|---
Affected Website:| forum-tc.msi.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4...

WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting
Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability
Date: 2018-4-23
Exploit Author: jiguang [email protected]
Vendor Homepage: https://github.com/wuzhicms/wuzhicms
Software Link: https://github.com/wuzhicms/wuzhicms
Version: 4.1.0
CVE: CVE-2018-10311
An...
nordichem.eu XSS vulnerability
Open Bug Bounty ID: OBB-615179

Description| Value
---|---
Affected Website:| nordichem.eu
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

thinkphp SQL Injection Vulnerability (CNVD-2018-09389)
thinkphp is a set of open source, PHP-based lightweight web application development framework. A SQL injection vulnerability exists in thinkphp version 3.1.3. A remote attacker can use the 's' parameter to send a specially crafted SQL statement to the index.php file to exploit the vulnerability t...
malfong.is XSS vulnerability
Open Bug Bounty ID: OBB-612518

Description| Value
---|---
Affected Website:| malfong.is
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

CVE-2018-10570
Frog CMS 0.9.5 has XSS in /install/index.php via the 'config''adminusername' field...
Cross site request forgery (csrf)
An issue was discovered in index.php in baijiacms V4 v41420170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser...
CVE-2018-10503
An issue was discovered in index.php in baijiacms V4 v41420170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser...
CVE-2018-10374
EasyCMS 1.3 is affected by a Cross‑Site Scripting (XSS) vulnerability in the s POST parameter (the value of the search box) sent to index.php?s=/index/search/index.html. The issue arises from XSS in that parameter, enabling injection of arbitrary script/HTML. This CVE entry corresponds to EasyCMS...
Cross site scripting
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI...
Cross site request forgery (csrf)
index.php?m=member&v=pwreset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member...
CVE-2018-10311
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI...
Cross site request forgery (csrf)
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI...