37 matches found
FeehiCMS 跨站脚本漏洞
FeehiCMS is a Php-based CMS website builder for individual developers. feehiCMS version v2.1.1 has a security vulnerability that originates from an id parameter on /web/admin/index.php?r=log/view-layer found to contain a reflective cross-site scripting XSS vulnerability. No detailed vulnerability...
CVE-2021-32005
Cross-site Scripting XSS vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions...
MartDevelopers Iresturant 跨站脚本漏洞
MartDevelopers Iresturant is an open source lightweight restaurant Erp from MartDevelopers Kenya, designed to integrate social restaurant operations into a single system. A cross-site scripting vulnerability exists in MartDevelopers Iresturant because the product does not effectively filter...
Log Injection
ZoneMinder is vulnerable to log Injectio. An attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...
Cross-site Scripting (XSS)
zoneminder:edge is vulnerable to cross site scripting XSS. An attacker is able to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...
CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43412)
FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITHC. A cross-site scripting vulnerability exists in app/fax/faxlogview.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the faxuuid parameter...
DEBIAN-CVE-2019-7351
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...
CVE-2019-7339
POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...
DEBIAN-CVE-2019-7339
POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...
CVE-2019-6267
The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI...
dashboard: log file arbitrary file retrieval
It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...
Satellite: Spacewalk contains XSS in log file view
A stored cross-site scripting XSS flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that...
CVE-2014-0337
Cross-site scripting XSS vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during...
Fedora 14 : cgit-0.9-1.fc14 (2011-2803)
In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...
Fedora 15 : cgit-0.9-1.fc15 (2011-2790)
In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...
iPlanet Administration Server directory traversal
Directory traversal during log view with 2f...