123 matches found
TYPO3 Backend component Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...
CVE-2021-27309
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter...
CVE-2021-27309
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter...
CVE-2021-27309
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter...
OpenSourceCMS.com Clansphere CMS 跨站脚本漏洞
ClanSphere is a modular Web-CMS. A cross-site scripting vulnerability exists in Clansphere 2011.4. The vulnerability can be exploited to inject JavaScript via the "module" parameter...
ONAP SDNC Operating System Command Injection Vulnerability
The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC versions prior to 4.0.0. The vulnerability can be exploited to execute arbitrary commands with the help of a specially crafted 'module' parameter...
ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28483)
The ONAP SDNC is a network-defined network controller from the ONAP program. ONAP SDNC suffers from an operating system command injection vulnerability. The vulnerability can be exploited to execute arbitrary commands with the help of a specially crafted 'module' parameter...
CVE-2019-12113
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...
Design/Logic Flaw
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...
Design/Logic Flaw
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...
CVE-2019-12123
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...
CVE-2019-12113
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
CVE-2019-7646
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the addpackage module parameter...
SugarCRM (WorkFlow module) PHP Code Injection Vulnerability
SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...
PT-2018-3687 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions 0.9.8.740 and earlier Description: The issue is related to the failure to protect the web page structure, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected...
Metinfo Remote Code Execution Vulnerability
MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A security vulnerability exists in Metinfo version 6.0.0. A remote attacker can exploit the vulnerability by sending the 'module' parameter to the admin/column/save.php file to write...
CVE-2018-13024
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...
CVE-2018-13024
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...