113 matches found
PT-2024-90: Cross-Site Request Forgery (CSRF) and Path Traversal in Netcat CMS (module filemanager)
The vulnerability was identified in Netcat CMS module filemanager, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the...
PT-2024-87: Reflected Cross-Site Scripting (XSS) in Netcat CMS (stats module)
The vulnerability was identified in Netcat stats module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-95: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)
The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...
PT-2024-92: Reflected Cross-Site Scripting (XSS) in Netcat CMS (filemanager module)
The vulnerability was identified in Netcat filemanager module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-93: Reflected Cross-Site Scripting (XSS) in Netcat CMS (landing module)
The vulnerability was identified in Netcat landing module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-85: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat CMS netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-76: Time-based SQL Injection in Netcat CMS (module comments)
The vulnerability was identified in Netcat CMS module comments, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or...
PT-2024-94: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)
The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...
PT-2024-97: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)
The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...
PT-2024-84: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-86: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-75: Time-based SQL Injection in Netcat CMS (module messaging)
The vulnerability was identified in Netcat CMS module messaging, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or...
PT-2024-81: Reflected Cross-Site Scripting (XSS) in Netcat CMS (landing module)
The vulnerability was identified in Netcat landing module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-83: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-80: Reflected Cross-Site Scripting (XSS) in Netcat CMS (comments module)
The vulnerability was identified in Netcat comments module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-96: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)
The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...
PT-2024-5677 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a parameter in the market module of the Netcat CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker to execute...
PT-2024-5678 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...
PT-2024-5683 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS calendar module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the calendar module of the Netcat CMS system. This could allow a remote attacker to execute arbitrar...
PT-2024-5690 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to the implementation of the subscribes delete confirm method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...