7210 matches found
CVE-2017-9673
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account via the index.php/user/new URI or change its settings via the index.php/user/1 URI, including its password...
Cross site scripting
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=XSS exploitable as a regular or admin user...
CVE-2017-9674
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=XSS exploitable as a regular or admin user...
CVE-2017-9674
CVE-2017-9674 affects SimpleCE 2.3.0. An authenticated cross-site scripting (XSS) vulnerability exists on the endpoint index.php/content/text/1?return_url=[XSS], exploitable by a regular user or an admin user. The issue is described consistently across multiple sources in the connected documents,...
millerbrook.co.uk XSS vulnerability
Vulnerable URL: http://www.millerbrook.co.uk/index.php?contentID="...
Zenbership CMS 1.0.8 SQL Injection
Document Title: Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities
References Source: https://www.vulnerability-lab.com/getcontent.php?id=2073
Release Date: 2017-06-09
Vulnerability Laboratory ID VL-ID:...
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities
Document Title: Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities
References Source: https://www.vulnerability-lab.com/getcontent.php?id=2073 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9759
CVE-ID: CVE-2017-9759
Release Date:...
CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php search_supervisor and search_statut parameters...
SQL injection
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php search_supervisor and search_statut parameters...
CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php search_supervisor and search_statut parameters...
fischkopf.de XSS vulnerability
Vulnerable URL: https://www.fischkopf.de/index.php?page=fischkopfwerdenstep1
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 106555
VIP website status:| No

Check fischkopf.de SSL...
Cross-site Scripting (XSS)
Moodle is susceptible to cross-site scripting (XSS) attacks. The attacks are possible because the parameter passed to blog/index.php is not properly sanitized, which allows attackers to inject arbitrary web script or HTML through it when Internet Explorer is used...
SQL injection
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php...
Path Traversal
jokkedk/webgrind is vulnerable to path traversal. By using an absolute file path in the file parameter in index.php, attackers are able to read an arbitrary file...
CVE-2017-9252
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action...
asterios.tm XSS vulnerability
Vulnerable URL: https://asterios.tm/index.php?cmd=account&mod=recover
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 56154
VIP website status:| No

Coordinated Disclosure Timeline:...
Cross site scripting
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php...
CVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...