780 matches found
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...
CVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php...
CVE-2018-13983
ImpressCMS 1.3.10 is affected by an XSS vulnerability triggered via PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. The root cause is unvalidated PATH_INFO leading to cross-site scripting, enabling arbitrary HTML/JS execution in a us...
Code injection
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI...
CVE-2015-9285
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI...
CVE-2015-9285
CVE-2015-9285 affects esoTalk 1.0.0g4. The vulnerability is a reflected XSS via PATH_INFO to the conversations/ URI. NVD CVSS data: CVSS v2 base score 4.3 (MEDIUM) with network attack vector and no confidentiality impact but partial integrity impact; CVSS v3 base score 6.1 (MEDIUM) with network a...
Cross-site Scripting (XSS)
pki-tps is vulnerable to cross-site scripting. A lack of input validation and sanitization allows a remote attacker to inject arbitrary JavaScript into a victim's browser via the PATH_INFO variable to steal session tokens or perform unwanted actions on behalf of the user...
CVE-2019-3576
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserControllerdeleteFavorite aka deleteFavorite in...
CVE-2019-3576
CVE-2019-3576 affects the inxedu platform through 2018-12-24, where a SQL injection vulnerability exists in the user flow—specifically in the deleteFavorite path handled by UserController (deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java) and triggered via MyBatis in course...
Cross site scripting
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO...
CVE-2018-18635
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO...
Cross site scripting
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/contentlist.php, or...
CVE-2018-17884
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook gwolle-gb plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php...
Cross site scripting
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook gwolle-gb plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php...
CVE-2018-17884
The CVE affects the WordPress Gwolle Guestbook plugin (gwolle-gb) prior to version 2.5.4. Vulnerability: XSS in admin/gb-dashboard-widget.php exploitable via PATH_INFO to wp-admin/index.php. Root cause: improper handling of PATH_INFO leading to script injection in the admin context. Impact: poten...