13 matches found
EUVD-2019-18403
Malware in sbrugna...
EUVD-2019-18402
Malware in sbrugna...
MOPCMS Cross-Site Scripting Vulnerability
MOPCMS is a content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in MOPCMS 2018-11-30 and earlier versions, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'formname' parameter...
Cross site scripting
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
Path traversal
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
CVE-2019-9015
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9015
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9015
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
CVE-2019-9016
CVE-2019-9016 affects MOPCMS, a PHP/MySQL-based CMS. The connected CNVD entry confirms a cross-site scripting vulnerability exists in MOPCMS up to 2018-11-30, exploitable via the form[name] parameter in a mod=column request (example URI shown). The root cause is persistent XSS allowing remote att...
CVE-2019-9015
CVE-2019-9015 affects MOPCMS up to 2018-11-30. A path traversal vulnerability in the “column management” function allows unverified paths to be added to a column, enabling an attacker to delete the corresponding directory when a column is removed, potentially deleting parts or the entire website....