780 matches found
Cross site scripting
Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...
CVE-2017-14070
Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...
CVE-2017-14070
The CVE-2017-14070 entry describes a Cross Site Scripting (XSS) vulnerability in NexusPHP 1.5.beta5.20120707. The issue arises via PATH_INFO to ipsearch.php and is related to PHP_SELF. Multiple sources (NVD, Red Hat, CNVD, CNVD-derived entries) confirm the affected software and the vulnerability ...
CVE-2017-14070
Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...
CVE-2017-12948
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...
CVE-2017-11355
Pegasystems PEGA Platform 7.2 ML0 and earlier are affected by multiple XSS vulnerabilities (CVE-2017-11355) allowing remote attackers to inject arbitrary scripts via PATH_INFO, the JavaBean viewer beanReference, or pyTableName on the System database schema modification page; CVE-2017-11356 also a...
CVE-2017-0378
XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...
Cross site scripting
XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...
CVE-2017-0378
XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...
CVE-2017-0378
Removed by vendor...
Code injection
phpSocial formerly phpDolphin before 3.0.1 has XSS in the PATHINFO to the search/tag/ URI...
Cross site scripting
Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...
Cross site scripting
Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...
CVE-2017-9249
Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...
CVE-2017-7897
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
Cross site scripting
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
CVE-2017-7897
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
CVE-2017-7897
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
CVE-2017-7897
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Oliver formerly Webshare 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to the 1 login page index.php or 2 login form loginform-inc.php...