NetArt Media Easy Cart Shopping Cart 跨站脚本漏洞

NetArt Media Easy Cart Shopping Cart is a lightweight PHP e-commerce shopping system developed by NetArt Media in Bulgaria. The 2021 version of NetArt Media Easy Cart Shopping Cart contains a cross-site scripting vulnerability. This vulnerability stems from the non-persistent cross-site scripting...

MiracleLinux 4 : mutt-1.5.20-9.20091214hg736b6a.AXS4 (AXSA:2018-3302:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3302:01 advisory. mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 mutt: Remote Code Execution via backquote characters CVE-2018-14357 mutt...

MiracleLinux 7 : mutt-1.5.21-28.el7 (AXSA:2018-3300:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3300:01 advisory. mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 mutt: Remote Code Execution via backquote characters CVE-2018-14357 mutt...

CVE-2005-1659

Cross-site scripting XSS vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." triple dot followed by an onmouseover event...

CVE-2018-19953

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on buil...

CVE-2009-4516

Cross-site scripting XSS vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4868

Cross-site scripting XSS vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the qid parameter to the answers script aka answers.php. NOTE: some of these details are obtained from third party information...

CVE-2009-4837

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 sig1 parameter to base/baseqrymain.php, or the time01 parameter to 2 base/basestatalerts.php or 3...

CVE-2009-4948

Cross-site scripting XSS vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2001-1523

Cross-site scripting XSS vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter...

CVE-2021-41461

Cross-site scripting XSS vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter...

CVE-2021-27318

Cross Site Scripting XSS vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter...

CVE-2019-18419

A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

CVE-2019-20389

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

CVE-2020-7994

Multiple cross-site scripting XSS vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the 2 nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the 3...

CVE-2020-24628

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches versions: G2 4x1Ex32 Prior to 2.8.3...

CVE-2013-6870

Cross-site scripting XSS vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-7411

Multiple stored cross-site scripting XSS in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: 1 Title, 2 Favicon, 3 Meta Description, 4 Subscribe Form Name field label, Last name field label, Email...

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...