CVE-2017-7361

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack...

CVE-2017-7363

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack...

CVE-2017-7359

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack...

CVE-2017-7363

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack...

CVE-2017-7361

Pixie 1.0.4 is affected by a cross-site scripting (XSS) vulnerability exposed via admin/index.php s=publish&m=static&x=. The CNVD entry states Pixie 1.0.4 contains a cross-site scripting flaw due to improper validation of user-submitted input, allowing a remote attacker to inject arbitrary web sc...

CVE-2017-7360

CVE-2017-7360 affects Pixie 1.0.4. The connected documents identify a cross-site scripting vulnerability in the admin interface, specifically in the admin/index.php s=settings&x= parameter, indicating insufficient input validation in the settings handling path. The impact is an XSS where an attac...

CVE-2017-7359

Pixie 1.0.4 contains a cross-site scripting (XSS) vulnerability in the CMS, described as an XSS in Pixie 1.0.4 via admin/index.php s=login&m=. Root cause: improper input validation/handling. Impact per sources indicates potential script injection; exploitation status is not provided in the docume...

Wonder CMS Path Traversal Vulnerability

Wonder CMS is an open source content management system CMS. A directory traversal vulnerability exists in the index.php file in Wonder CMS version 2014. A remote attacker can exploit this vulnerability to read arbitrary files with the help of a specially crafted theme...

Directory traversal

Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme...

CVE-2017-6907

An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data content passed to the "Open.GL-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

Joomla Simple Membership 3.3.3 SQL Injection

Exploit Title: Joomla! Component Simple Membership v3.3.3 - SQL Injection Google Dork: inurl:index.php?option=comsimplemembership Date: 14.03.2017 Vendor Homepage: http://ordasoft.com/ Software :...

Cross site scripting

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=XSS attack...

Cross site scripting

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif=XSS attack...

CVE-2017-6562

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=XSS attack...

CVE-2017-6561

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=XSS attack...

CVE-2017-6560

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=XSS&editObjId=XSS attack...

CVE-2017-6561

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=XSS attack...

CVE-2017-6559

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif=XSS attack...

CVE-2017-6559

The CVE-2017-6559 entry documents a cross-site scripting (XSS) flaw in Agora-Project 3.2.2. The vulnerable vector is index.php?disconnect=1&msgNotif[]=[XSS], where user-supplied data is reflected into the page without sufficient sanitization. The impact is indicated as low confidentiality and low...

Input validation

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...