780 matches found
EUVD-2022-1465
Malicious code in bioql PyPI...
CVE-2020-14146
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATHINFO...
CVE-2020-11944
Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page (viewfilterspage.php) and Edit Filter page (managefiltereditpage.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATHINFO. NOTE: this vulnerability exis...
CVE-2018-17386
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATHINFO to mydeals/ or listdeals/...
CVE-2012-4532
Cross-site scripting (XSS) vulnerability in modules/modlanguages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php. NOTE: some of these details are obtained from third party...
CVE-2011-4910
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2019-9912
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
CVE-2011-3861
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...
CVE-2014-100037
Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to archives/...
CVE-2012-1224
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2009-3485
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...
BIT-LIVEHELPERCHAT-2020-26135
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATHINFO...
TYPO3 XSS Vulnerability (TYPO3-core-sa-2023-001)
TYPO3 is prone to a cross-site scripting (XSS) vulnerability.
Cross site scripting
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...
TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)
The version of TYPO3 installed on the remote host is prior to 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...
CVE-2022-31787
IdeaTMS 2022 is vulnerable to SQL Injection via the PATHINFO...
SQL injection
IdeaTMS 2022 is vulnerable to SQL Injection via the PATHINFO...
IdeaTMS SQL Injection Vulnerability
IdeaTMS is a content platform. A security vulnerability exists in IdeaTMS version 2022 that stems from IdeaTMS being susceptible to SQL injection attacks via PATHINFO...