7210 matches found
johnleary.com XSS vulnerability
Open Bug Bounty ID: OBB-606065

Description | Value
---|---
Affected Website: | johnleary.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2018-10267
WTCMS 1.0 is affected by a CSRF vulnerability that allows an attacker to add an administrator account using the URI index.php?admin&m=user&a=add_post. Root cause: CSRF in the admin-user creation flow. Impact: attacker could elevate privileges by creating an admin account; no exploitation details ...
CVE-2018-10248
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycledelete...
SQL injection
thinkphp 3.1.3 has SQL Injection via the index.php s parameter...
CVE-2018-10225
thinkphp 3.1.3 has SQL Injection via the index.php s parameter...
CVE-2018-10221
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tagtag parameter to the index.php?m=tags&f=index&v=add&&su=wuzhicms URI. After a website editor whose privilege is lower than the administrator logs in, he can add...
CVE-2018-10219
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request...
CVE-2018-10225
CVE-2018-10225 affects thinkphp 3.1.3. The vulnerability is a SQL injection via the index.php?s parameter, enabling crafted SQL statements to affect the backend database. Exploitation details are not provided in the connected documents; the CVSS info from NVD indicates CRITICAL impact (AV:N/AC:L/...
CVE-2018-10219
CVE-2018-10219 affects baijiacms V3 and describes a physical path leakage exploitation via the request index.php?mod=mobile&name=member&do=index. Public sources (CNVD-2018-11709, NVD entry) attribute an information disclosure vulnerability to this path leakage, with the impact on confidentiality ...
Design/Logic Flaw
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...
Code injection
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...
CVE-2018-10128
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...
CVE-2018-10128
XYHCMS 3.5 is affected by a Cross-Site Scripting (XSS) vulnerability via the test parameter to index.php. Multiple sources (CNVD-2018-07980, RH:CVE-2018-10128, NVD/CVE-2018-10128, OSV, CNVD) describe an XSS that can execute JavaScript and is exploitable through the index.php?test parameter. The r...
Cross site scripting
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...
CVE-2018-10118
Monstra CMS 3.0.4 is affected by a Stored XSS in the Name field on the Create New Page screen (admin/index.php?id=pages), related to plugins/box/pages/pages.admin.php. This CVE details the vulnerable component path and the input point that leads to script execution. The connected data confirms th...