CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...
WUZHI CMS 4.1.0 - Add User Account Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications
Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account
Exploit Author: taoge
Vendor Homepage: https://github.com/wuzhicms/wuzhicms
Software Link: https://github.com/wuzhicms/wuzhicms
Version: 4.1.0
CVE: CVE-2018-9927
An issue was...
WUZHI CMS 4.1.0 - Add Admin Account Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications
Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add admin account
Exploit Author: taoge
Vendor Homepage: https://github.com/wuzhicms/wuzhicms
Software Link: https://github.com/wuzhicms/wuzhicms
Version: 4.1.0
CVE: CVE-2018-9926
An issue was...
afmec.org XSS vulnerability
Open Bug Bounty ID: OBB-600205

Description| Value
---|---
Affected Website:| afmec.org
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-9927
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add...
mobilesystem.eu XSS vulnerability
Open Bug Bounty ID: OBB-597957

Description| Value
---|---
Affected Website:| mobilesystem.eu
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-9307
dsmall v20180320 allows XSS via the pdrsn parameter to public/index.php/home/predeposit/index.html...
rhemuthcastle.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-595040

Description| Value
---|---
Affected Website:| rhemuthcastle.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4...
Cross site request forgery (csrf)
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...
CVE-2018-9016
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...
CVE-2018-9014
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...
CVE-2018-9016
The CVE-2018-9016 entry corresponds to a cross-site scripting (XSS) vulnerability in dsmall v20180320, exploitable via the main page search box (public/index.php/home). The CNVD entry explicitly notes that a remote attacker can inject arbitrary HTML/JavaScript to obtain sensitive information. The...
dbejournal.com XSS vulnerability
Open Bug Bounty ID: OBB-588162

Description| Value
---|---
Affected Website:| dbejournal.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Design/Logic Flaw
CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php...
CVE-2018-8957
CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php...
CVE-2018-8957
CVE-2018-8957 affects CoverCMS v1.1.6. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the fourth input box on index.php, linked to admina/mconfigs.inc.php. The affected component is the input handling on the administrative config interface; root cause is improper input san...
Code injection
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...