
3943 matches found

Prion
added 2019/08/05 6:15 p.m. · 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) 300583 - List Manager Dashboard module, (2) 307638 - Campaign Creator module, (3) 316994 - Attributes field, (4) I316995 - Icon Selection module, (5)...

4.3 CVSS · 6 AI score · 0.0108 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2019/08/05 5:13 p.m. · 15 views

CVE-2019-11198

Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) 300583 - List Manager Dashboard module, (2) 307638 - Campaign Creator module, (3) 316994 - Attributes field, (4) I316995 - Icon Selection module, (5)...

6.1 AI score · 0.0108 EPSS
Exploits: 0 · References: 2
NVD
added 2019/07/23 4:15 p.m. · 13 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter...

6.1 CVSS · 6 AI score · 0.01518 EPSS
Exploits: 0 · References: 3
OSV
added 2019/07/23 4:15 p.m. · 16 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter...

6.1 CVSS · 5.9 AI score
Exploits: 0 · References: 3
Prion
added 2019/07/23 4:15 p.m. · 19 views

Code injection

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter...

4.3 CVSS · 6 AI score · 0.01518 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2019/07/23 3:48 p.m. · 15 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter...

6 AI score · 0.01518 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2019/07/23 12:00 a.m. · 4 views

PT-2019-9619 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9. Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me_link parameter, also known as the "Menu Link" parameter, in the adm/menu_list_update.php endpoint. This can be exploite...

6.1 CVSS · 6.5 AI score · 0.01518 EPSS
Exploits: 0 · References: 8
CNVD
added 2019/07/05 12:00 a.m. · 2 views

Odoo Access Control Error Vulnerability (CNVD-2019-21437)

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, uses PostgreSQL as the database, and includes modules for sales management, inventory management, financial management and so on. An access control...

6.5 CVSS · 7 AI score · 0.00805 EPSS
Exploits: 0 · References: 1
OSV
added 2019/07/03 7:15 p.m. · 2 views

CVE-2018-14862

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

6.5 CVSS · 5.9 AI score · 0.00805 EPSS
Exploits: 0 · References: 1
Prion
added 2019/07/03 7:15 p.m. · 14 views

Design/Logic Flaw

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

5.5 CVSS · 6.3 AI score · 0.00805 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2019/06/25 12:00 a.m. · 6 views

WordPress Easy Pdf Restaurant Menu Upload plugin <= 1.1.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress Easy Pdf Restaurant Menu Upload plugin versions <= 1.1.1. Solution: Update the WordPress Easy Pdf Restaurant Menu Upload plugin to the latest available version (at least 1.1.2)...

2.4 AI score
Exploits: 0 · References: 1 · Affected Software: 1
CNVD
added 2019/06/24 12:00 a.m. · 2 views

Creatiwity wityCMS cross-site scripting vulnerability (CNVD-2019-19292)

Creatiwity wityCMS is a lightweight PHP-based content management system (CMS). A cross-site scripting vulnerability exists in the utilisateur menu in Creatiwity wityCMS version 0.6.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker ca...

5.4 CVSS · 6.4 AI score · 0.00619 EPSS
Exploits: 1 · References: 1
NVD
added 2019/06/20 2:15 p.m. · 18 views

CVE-2018-16251

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...

4.3 CVSS · 4.9 AI score · 0.00931 EPSS
Exploits: 1 · References: 1
NVD
added 2019/06/20 2:15 p.m. · 22 views

CVE-2018-16250

The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters...

5.4 CVSS · 5.4 AI score · 0.00619 EPSS
Exploits: 1 · References: 1
Prion
added 2019/06/20 2:15 p.m. · 8 views

Cross site scripting

The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters...

3.5 CVSS · 5.3 AI score · 0.00619 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Tenable Nessus
added 2019/06/17 12:00 a.m. · 19 views

Debian DLA-1819-1 : pyxdg security update

It was discovered that there was a code injection issue in PyXDG, a library used to locate 'FreeDesktop.org' configuration/cache/etc. directories. A lack of sanitisation allowed arbitrary Python code embedded in the Category element of a Menu XML document in a .menu file to be executed. For Debia...

7.5 CVSS · 7.7 AI score · 0.02105 EPSS
Exploits: 1 · References: 3
WPVulnDB
added 2019/06/08 12:00 a.m. · 20 views

Breadcrumbs by menu <= 1.0.1 - Multiple Issues

XSS, CSRF leading to options update...

6.8 CVSS · 1.5 AI score · 0.0095 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Github Security Blog
added 2019/06/07 8:56 p.m. · 52 views

Code Injection in PyXDG

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5 CVSS · 3.6 AI score · 0.02105 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
OSV
added 2019/06/07 8:56 p.m. · 17 views

GHSA-R6V3-HPXJ-R8RV Code Injection in PyXDG

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5 CVSS · 7.4 AI score · 0.02105 EPSS
Exploits: 1 · References: 7
RedhatCVE
added 2019/06/07 9:20 a.m. · 24 views

CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5 CVSS · 3.7 AI score · 0.02105 EPSS
Exploits: 1 · References: 4