34 matches found
CVE-2023-1500
A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument aboutinfo leads to cross site scripting. The attack may be launched...
PT-2023-17036 · Code Projects · Code-Projects Simple Art Gallery
Name of the Vulnerable Software and Affected Versions: code-projects Simple Art Gallery version 1.0 Description: A problematic issue has been found in the file adminHome.php, where the manipulation of the about info argument leads to cross site scripting. The attack can be launched remotely...
PT-2022-17318
Name of the Vulnerable Software and Affected Versions: ThinkPHP Framework version 5.0.24 Description: The ThinkPHP Framework was discovered to be configured without the PATHINFO parameter, allowing attackers to access all system environment parameters from index.php. It is noted that this issue i...
Cross site scripting
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting XSS vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which...
Mitsubishi Electric smartRTU 跨站脚本漏洞
The Mitsubishi Electric smartRTU is an intelligent Remote Terminal Unit RTU from Mitsubishi Electric Japan. A cross-site scripting vulnerability exists in the Mitsubishi Electric SmartRTU device that stems from the lack of valid validation and escaping of the username and PATHINFO parameters in t...
Unrestricted file upload
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...
CVE-2019-16311
NIUSHOP V1.11 has CSRF via searchinfo to index.php...
CVE-2018-20479
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wapindex.php?type=newsinfo Sid parameter...
CVE-2018-12095
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php...
Social Microblogging PRO Cross-Site Scripting Vulnerability
Social Microblogging PRO is a social microblogging. A cross-site scripting vulnerability in Social Microblogging PRO version 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO parameter to the default URL...
CVE-2011-1706
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url...
CVE-2006-2989
ASP ListPics 4.3 and earlier contains a Cross-site scripting (XSS) flaw in listpics.asp that can be exploited by supplying an info parameter value. The vulnerability allows remote attackers to inject arbitrary web script or HTML. Affected component: listpics.asp in ASP ListPics 4.3 and earlier. R...
CVE-2006-2989
Cross-site scripting XSS vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter...
security flaw
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...