CVE-2018-12111

Cross-site scripting XSS vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /wt3/mydocs.php URI...

CVE-2018-12111

Cross-site scripting XSS vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /wt3/mydocs.php URI...

CVE-2018-12111

The provided connected sources confirm CVE-2018-12111 affects Canon PrintMe EFI webinterface, specifically the /wt3/mydocs.php URI. The vulnerability is a Cross-Site Scripting (XSS) flaw where an attacker can inject arbitrary script/HTML via PATH_INFO, enabling code execution in the context of th...

CVE-2017-9838

Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting XSS vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...

Grav CMS system/src/Grav/Common/Twig/Twig.php file cross-site scripting vulnerability

Grav CMS is a scalable CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. A cross-site scripting vulnerability exists in the system/src/Grav/Common/Twig/Twig.php file in Grav CMS version 1.3.0. A remote attacker can inject...

Cross site scripting

Cross-site scripting XSS vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools...

CVE-2018-5233

Cross-site scripting XSS vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools...

CVE-2018-5233

Grav CMS

Sql injection

SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the 1 PATHINFO or 2 name of a .html file under the all-offers/ URI...

CVE-2018-6370

CVE-2018-6370 affects the NeoRecruit Joomla! extension (version 4.1 and earlier) via SQL Injection in the NeoRecruit 4.1 component, exploitable through PATH_INFO or the name of a .html file under the all-offers/ URI. Multiple sources (NVD entry, Joomla/NeoRecruit notices, Exploit-DB) document the...

Code injection

trixbox 2.8.0.4 has XSS via the PATHINFO to /maint/index.php or /user/includes/language/langChooser.php...

CVE-2017-14536

trixbox 2.8.0.4 has XSS via the PATHINFO to /maint/index.php or /user/includes/language/langChooser.php...

CVE-2017-14536

trixbox 2.8.0.4 has XSS via the PATHINFO to /maint/index.php or /user/includes/language/langChooser.php...

CVE-2017-14536

CVE-2017-14536 affects the trixbox 2.8.0.4 release and is a cross-site scripting (XSS) vulnerability triggered via PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php. The available data describe the vulnerability as an XSS flaw without details on exploitation steps, affected...

Sql injection

SQL Injection exists in the Tumder An Arcade Games Platform 2.1 component for Joomla! via the PATHINFO to the category/ URI...

CVE-2018-5984

SQL Injection exists in the Tumder An Arcade Games Platform 2.1 component for Joomla! via the PATHINFO to the category/ URI...

CVE-2017-17873

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATHINFO to the /p URI...

Sql injection

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATHINFO to the /p URI...

CVE-2017-17873

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATHINFO to the /p URI...

CVE-2017-17621

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATHINFO to the /detail URI...