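ZeusCart 4 index.php search cross-site scripting vulnerability
ZeusCart is an e-commerce shopping cart application. ZeusCart has a cross-site scripting vulnerability in its handling of the search variable. A remote attacker can exploit it by crafting a malicious URI and luring a user into opening it, which can expose sensitive cookies, hijack the session, or perform malicious actions on the client. Affected systems: ZeusCart 4. Published: 2015-03-10. CVE ID: CVE-2015-2182. CNCVE ID: CNCVE-20152182. POC screenshots from a locally built test environment: ZeusCart 4.1 test environment...
ZeusCart 4 index.php brand & schltr cross-site scripting vulnerability
ZeusCart is an e-commerce shopping cart application. ZeusCart has a cross-site scripting vulnerability in its handling of the brand and schltr parameters. A remote attacker can exploit it by crafting a malicious URI and luring a user into opening it, which can expose sensitive cookies, hijack the session, or perform malicious actions on the client. Affected systems: ZeusCart 4. CVE ID: CVE-2015-2182. CNCVE ID: CNCVE-20152182. Vulnerability published: 2015-03-10. POC testing in a self-built environment: ZeusCart 4.1...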
OpenSNS_v1.7.1_index.php_SQL injection
No description provided by source...
Espcms v5.0 /index.php SQL injection vulnerability
Construct www.xxx.cc/index.php?ac=search&at=taglist&tagkey=%2527,tags orselect 1 fromselect count,concatselect select concat0x7e,0x27,tablename,0x27,0x7e from informationschema.tables where tableschema=database limit 0,1,floorrand02x from informationschema.tables group by xa%23...
Nibbleblog 'index.php' multiple cross-site scripting vulnerabilities
No description provided by source...
GeniXCMS 0.0.1 /index.php CSRF vulnerability
No description provided by source...
genixcms 0.0.1 /index.php SQL injection vulnerability
No description provided by source...
CVE-2015-2989
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter...
CVE-2015-2989
CVE-2015-2989 (LEMON-S PHP Twit BBS) is a cross-site scripting (XSS) vulnerability in the index.php script caused by unsafely processing the imagetitle parameter. The affected software is the Twit BBS PHP-based bulletin board. Impact as stated: remote attackers can inject arbitrary web script or ...
phpcms v9 /modules/phpsso/index.php SQL injection vulnerability
No description provided by source...
CVE-2015-6809
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfgprojectName parameter to index.php/admin/saveConfig, the (2) datastatsproviderurl parameter to index.php/areas/saveArea, or the (3) datadescription...
BizIdea Design CMS 2015Q3 SQL Injection Vulnerability
BizIdea Design CMS 2015Q3 suffers from a remote SQL injection vulnerability. Document Title: bizidea Design CMS 2015Q3 - SQL Injection Vulnerability. Product & Service Introduction: http://www.bizidea.co.th Technical Details & Description:...
ektoplazm.com XSS vulnerability
Vulnerable URL: http://www.ektoplazm.com/index.php?s=x'"...
banggood.com XSS vulnerability
Vulnerable URL: http://www.banggood.com/index.php?com=indexid=undefined=loadLangNavs=http://www.banggood.com/buy/'"...
CVE-2015-5521
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php...
CVE-2015-2969
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter...
CVE-2015-2969
CVE-2015-2969 corresponds to a persistent XSS in LEMON-S PHP Simple Oekaki BBS before version 1.21. The vulnerability is triggered in index.php through the oekakis parameter, allowing remote attackers to inject arbitrary scripts/HTML. Affected software: Simple Oekaki BBS ≤ v1.20 (prior to 1.21). ...
JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting
Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting (CWE-79) vulnerability due to the processing of the oekakis parameter in index.php. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version...