CVE-2017-20095
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely...
Merchandise Online Store Code Issue Vulnerability
Merchandise Online Store is a Merchandise Online Store system developed by Carlo Montero. A security vulnerability exists in Merchandise Online Store v1.0, which is caused by a remote code injection issue in the user profile upload port on the system information page...
Remote Code Injection
Overview: convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Remote Code Injection via sending an SVG file containing the payload. PoC: `const convert = require('convert-svg-to-png'); const...`
CVE-2021-34360
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
QNAP NAS Proxy Server Cross-Site Request Forgery Vulnerability
QNAP NAS is an accessible and fast storage solution from China-based QNAP Technologies (QNAP). A cross-site request forgery vulnerability exists in the proxy server of QNAP NAS, which can be exploited by remote attackers to inject malicious code. The following products and versions are affected: QT...
GHSA-WCR5-3Q96-C2GR Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary w...
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
GHSA-3QV7-98VM-XX2V MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO
A cross-site scripting (XSS) vulnerability in the View Filters page (viewfilterspage.php) and Edit Filter page (managefiltereditpage.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exis...
phpMyAdmin Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056...
GHSA-HQ9X-8M8J-5HMH Joomla! vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Joomla! vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
phpMyAdmin Vulnerable to Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbllinks.inc.php and...
GHSA-F3F3-5Q5J-6V47 GeSHi vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-WWFH-28HX-W2R2 Joomla! Framework Remote Code Injection Vulnerability
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values...
TYPO3 Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field...
GHSA-PVM9-288C-V5WQ Remote Code Execution in Apache Struts
XSLTResult allows for the location of a stylesheet being passed as a request parameter. In some circumstances this can be used to inject remotely executable code...
MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...
GHSA-V7QF-22RW-CHPH MantisBT XSS via adm_config_report.php's action parameter
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...
CVE-2021-27446
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system...