780 matches found
Cross site scripting
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...
Design/Logic Flaw
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php...
CVE-2018-16655
Gxlcms 1.0 is affected by CVE-2018-16655, with a Cross-Site Scripting (XSS) vulnerability exploitable via PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. The concrete description across multiple sources confirms this vulnerability pattern and file path, indicating an injection of script/...
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO...
FreeBSD : mantis -- multiple vulnerabilities (0822a4cf-9318-11e8-8d88-00e04c1ea73d)
mantis reports: Teun Beijers reported a cross-site scripting (XSS) vulnerability in the Edit Filter page which allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Omer Citak,...
mantis -- multiple vulnerabilities
mantis reports: Teun Beijers reported a cross-site scripting (XSS) vulnerability in the Edit Filter page which allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Ömer Cıtak,...
SQL injection
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI...
CVE-2018-14012
CVE-2018-14012 concerns WolfSight CMS 3.2, which is vulnerable to an SQL injection via PATH_INFO sent to the default URI. The connected records confirm the affected product/version and the injection vector, without listing explicit root-cause code or patched versions. CVSS scores indicate a very ...
Design/Logic Flaw
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI...
CVE-2018-13134
SQL injection
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requesteduser/Sent%20interest/ URI...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI...