3 matches found
FlatPress 跨站脚本漏洞
FlatPress is a Php-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
FlatPress Cross-Site Scripting Vulnerability (CNVD-2022-58896)
Flatpress is a blog builder based on Php without database support from the Flatpress community. A cross-site scripting vulnerability exists in FlatPress version 1.2.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript commands via blog content...
sBLOG search.php keyword Parameter SQL Injection
The remote host is running sBLOG, a PHP-based blog application. The installed version of sBLOG fails to validate user input to the 'keyword' parameter of the 'search.php' script before using it to generate database queries. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated attacker...