CVE-2017-15188
A persistent stored XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admindevice/index.php...
CVE-2017-15215
CVE-2017-15215 is a reflected XSS vulnerability in Shaarli v0.9.1. An unauthenticated attacker can inject JavaScript via the searchtags parameter to index.php, potentially compromising admin sessions or altering global settings if the victim is an administrator, or executing JavaScript for unauth...
mmegi.bw XSS vulnerability
Vulnerable URL: http://www.mmegi.bw/index.php?sid=1%22%3E%3Cscript%3Ealert0;%3C%2Fscript%3E

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 80973
VIP website status:| No

Coordinated Disclosure Timeline:...
proel.org XSS vulnerability
Vulnerable URL: http://www.proel.org/index.php?sw=alert/OPENBUGBOUNTY/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/adminconf/index.php...
go.sayt.uz XSS vulnerability
Vulnerable URL: http://go.sayt.uz/index.php?a=search=13'"220.ro=0=1

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated...
CVE-2017-14765
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...
Cross site request forgery (csrf)
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...
Sql injection
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrenceid parameter to /wp-admin/admin.php...
CVE-2017-14753
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/modulefilters/index.php...
GeniXCMS gxadmin/index.php file cross-site scripting vulnerability
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in the gxadmin/index.php file in MetalGenix GeniXCMS version...
GSA Bounty: SSRF/XSPA in labs.data.gov/dashboard/validate
Hi. This vulnerability allows access to all ports locally. Which is not visible from the web.
1. We need an interim site file index.php
2. Next we write in index.php
3. Next go to https://labs.data.gov/dashboard/validate And write url - for example http://example/index.php If the port will be open...
CVE-2014-9611
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php...
pirtys.lt XSS vulnerability
Vulnerable URL: http://www.pirtys.lt/index.php?kaina=%5B%27%27%5D=%5B%27Ie%5Cxc5%5Cxa1koti%27%5D=%5B%27%27%5D=%5B%27%27%5D=%5B%27%27%5D%22%27%3E%20%3C/form%3E%3Cscript%3Ealert%22OPENBUGBOUNTY%22;%3C/script%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 18.12.2017...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php...
CVE-2015-8349
SourceBans before 2.0 pre-alpha is affected by CVE-2015-8349, a Cross-Site Scripting (XSS) vulnerability in the advSearch parameter of index.php. The root cause is insufficient filtration/validation of input data, allowing remote attackers to inject arbitrary web script or HTML. Exploitation cont...
chine.in XSS vulnerability
Vulnerable URL: https://chine.in/mandarin/dictionnaire/index.php?q=arbre

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 07.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 132594
VIP website status:| No

Coordinated Disclosure...
CVE-2017-12856
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php...
CVE-2017-12856
Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from the listed sources; additional details may be released in future advisories.