37 matches found
CVE-2025-15174 SohuTV CacheCloud AppManageController.java doAppAuditList cross site scripting
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed...
CacheCloud 代码注入漏洞
CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function doAppAuditList in the file...
CVE-2025-15146
CVE-2025-15146 affects SohuTV CacheCloud up to version 3.2.0. The vulnerability resides in doUserList (src/main/java/com/sohu/cache/web/controller/UserManageController.java); manipulated input can trigger cross-site scripting. The attack is remote and the exploit is publicly available. Mitigation...
CVE-2025-15145 SohuTV CacheCloud TotalManageController.java doTotalList cross site scripting
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit...
CVE-2025-15130
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...
CVE-2025-15130
The CVE-2025-15130 entry affects shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. The vulnerability resides in the Administrative Panel’s Function addPost in Application/Admin/Controller/FileManageController.class.php, enabling remote code injection. Multiple sources corroborate the i...
CVE-2025-15130 shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...
SyCms 代码注入漏洞
SyCms is a content management system for shanyu individual developers. SyCms code injection vulnerability exists, the vulnerability stems from the incorrect operation of the function addPost in the file Application/Admin/Controller/FileManageController.class.php, which may lead to code injection...
CVE-2025-5033
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be...
TeaCMS 安全漏洞
TeaCMS is a blogging system by xiaobingby personal developer. A security vulnerability exists in TeaCMS version 2.0.2, which originates from an improperly functioning file src/main/java/me/teacms/controller/admin/UserManageController/addUser, which may lead to cross-site request forgery...
CVE-2025-29686
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...
oa_system 跨站脚本漏洞
oasystem is a hailey individual developer's application for the daily operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned inputs for the parameter title in the fil...
CVE-2025-3389
A vulnerability, which was classified as problematic, has been found in hailey888 oasystem up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to...
PT-2025-37310
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...
CVE-2022-46999
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php...
TuziCMS SQL注入漏洞
TuziCMS Rabbit CMS is a PHP and MySQL based Content Management System CMS for enterprise website builders. A SQL injection vulnerability exists in the AppManageControllerhuantiController.class.php component of TuziCMS version v2.0.6. No information about this vulnerability is available at this...
CVE-2021-44348
CVE-2021-44348 : TuziCMS v2.0.6 contains an SQL injection via the id parameter in App\Manage\Controller\AdvertController.class.php. This matches multiple connected sources (NVD, RED HAT, CNVD). Impact described in sources as potential disclosure of sensitive database information. The documents do...