780 matches found
CVE-2019-20517
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI...
CVE-2019-20516
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI...
CVE-2019-20515
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI...
CVE-2019-20515
ERPNext 11.1.47 is affected by a reflected XSS via the PATH_INFO to the addresses/ URI. The vulnerability is documented across multiple connected sources (e.g., NVD, Red Hat advisory, CNVD, OSV, CVE lists) with consistent description. Root cause details beyond “reflected XSS via PATH_INFO” are no...
SQL injection
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/ancategoryid/ PATH_INFO...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2014-9608
Netsweeper is affected by an XSS in webadmin/policy/group_table_ajax.php/ across multiple tracked versions: before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. The issue stems from insufficient validation of client-side data via PATH_INFO, enabling remote attackers to inject arbitrary web ...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php...
CVE-2011-4938
CVE-2011-4938 affects Ariadne 2.7.6, with multiple XSS vulnerabilities that allow remote injection of arbitrary web script or HTML via PATH_INFO to index.php and loader.php. The vulnerability is caused by improper handling of PATH_INFO inputs, leading to script execution under the context of the ...
CVE-2011-4938
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php...
CVE-2019-20447
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint...
SQL injection
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint...
CVE-2019-20447
Jobberbase 2.0 is affected by SQL injection via PATH_INFO on the jobs-in endpoint. The root cause is lack of validation of externally supplied SQL statements in the database-based application, enabling an attacker to manipulate queries. CVSS metrics indicate high to critical impact (C/H I/H A/H) ...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the handlerequest function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2013-7071
Cross-site scripting (XSS) vulnerability in the handlerequest function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2019-12917
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/softwarelibrary.php component via the PATH_INFO...
Cross-site scripting
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/softwarelibrary.php component via the PATH_INFO...
Debian DLA-1970-1 : php5 security update
Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in particular PATH_INFO handling. For a full list of preconditions, check:...