
2300 matches found

CNVD
added 2018/09/26 12:0 a.m. | 2 views

UCMS cross-site scripting vulnerability (CNVD-2018-19933)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in the 'minfo' parameter of the /ucms/sadmin/aindex.php file in UCMS version 1.4.6, which can be exploited by a remote attacker to inject arbitrary Web script or HTML...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00655 | Exploits: 0 | References: 1

CNVD
added 2018/09/26 12:0 a.m. | 2 views

Vectra Cognito Brain and Sensor Web Management Console Cross-Site Scripting Vulnerability

Vectra Cognito Brain and Sensor is a cyber threat sensing system from Vectra Networks, USA. The system supports functions such as cyber attack detection and cyber threat search. A cross-site scripting vulnerability exists in the Web Management Console in Vectra Cognito Brain and Sensor versions...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00521 | Exploits: 0 | References: 1

CNVD
added 2018/09/21 12:0 a.m. | 4 views

Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2019-03472)

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in the 'password' parameter of the users/registration page in...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00855 | Exploits: 1 | References: 1

CNVD
added 2018/09/20 12:0 a.m. | 0 views

LimeSurvey Cross-Site Scripting Vulnerability (CNVD-2019-31188)

LimeSurvey formerly known as PHPSurveyor is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection functions. appendix is one of the appendix components. A cross-site scripting vulnerability...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01009 | Exploits: 2 | References: 1

CNVD
added 2018/09/19 12:0 a.m. | 2 views

Accusoft PrizmDoc Cross-Site Scripting Vulnerability

Accusoft PrizmDoc is a document management system from Accusoft Pegasus Imaging, USA. The system includes features such as document management, document viewing and document comparison. A cross-site scripting vulnerability exists in Accusoft PrizmDoc 13.3 and earlier versions. A remote attacker c...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00724 | Exploits: 0 | References: 1

CNVD
added 2018/09/17 12:0 a.m. | 3 views

EasyCMS Cross-Site Scripting Vulnerability (CNVD-2018-19558)

EasyCMS is a scalable lightweight open source content management system CMS written in PHP. A cross-site scripting vulnerability exists in the App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf file in EasyCMS version 1.5. The vulnerability can be exploited by remote attacke...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00643 | Exploits: 1 | References: 1

CNVD
added 2018/09/17 12:0 a.m. | 3 views

Simple POS SQL Injection Vulnerability

Simple POS is a sales system based on PHP and jQuery. The system supports tax calculation, printing receipts and supports barcode scanning. An SQL injection vulnerability exists in the administration panel in Simple POS version 4.0.24. A remote attacker can exploit the vulnerability by sending th...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.01587 | Exploits: 1 | References: 1

CNVD
added 2018/09/17 12:0 a.m. | 3 views

OTCMS cross-site scripting vulnerability (CNVD-2018-19744)

OTCMS is an article-based web content management system CMS. A cross-site scripting vulnerability exists in the admin/shareswitch.php file in OTCMS version 3.61. A remote attacker can use the 'fieldName', 'fieldName2' and 'tabName' parameters to inject arbitrary Web script or HTML with the...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00692 | Exploits: 1 | References: 1

CNVD
added 2018/09/14 12:0 a.m. | 3 views

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2018-19748)

MiniCMS is a mini content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in MiniCMS version 1.10, which stems from the program's failure to properly handle $_SERVER['REQUEST_URI']. A remote attacker can inject arbitrary web script or HTML with the he...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00865 | Exploits: 1 | References: 1

OSV
added 2018/09/07 3:29 p.m. | 2 views

CVE-2018-1756

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.10599 | Exploits: 5 | References: 3

CNVD
added 2018/09/04 12:0 a.m. | 1 view

ShowDoc Cross-Site Scripting Vulnerability

ShowDoc is an online document sharing tool. A cross-site scripting vulnerability exists in ShowDoc version 1.8.0, which can be exploited by remote attackers to inject arbitrary web script or HTML via a newly created page...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00607 | Exploits: 1 | References: 1

CNVD
added 2018/09/04 12:0 a.m. | 2 views

Mayan EDMS Cross-Site Scripting Vulnerability

Mayan EDMS is a document management system developed by software developer Roberto Rosario. The system supports electronic signatures, version control, optical character recognition, etc. Tags app is one of the tag management applications. A cross-site scripting vulnerability exists in the Tags a...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01209 | Exploits: 1 | References: 1

CNVD
added 2018/09/03 12:0 a.m. | 0 views

PHPOK Cross-Site Scripting Vulnerability

PHPOK is an enterprise building system that supports expansion. A cross-site scripting vulnerability exists in the framework/www/logincontrol.php file in PHPOK version 4.8.278. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML e.g., changing cookies with t...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00692 | Exploits: 1 | References: 1

CNVD
added 2018/08/29 12:0 a.m. | 2 views

PHP Scripts Mall Website Seller Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Website Seller Script is an e-commerce website system script from PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Website Seller Script version 2.0.5. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00545 | Exploits: 1 | References: 1

Cvelist
added 2018/08/28 1:0 p.m. | 26 views

CVE-2018-13395

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML ...

AI score: 6 | EPSS: 0.01008 | Exploits: 0 | References: 1

CNVD
added 2018/08/20 12:0 a.m. | 4 views

waimai Super Cms Cross Site Scripting Vulnerability

waimai Super Cms is a takeaway ordering system. The system is compatible with IE, Firefox, Chrome, Safari and Opera browsers. A cross-site scripting vulnerability exists in version 20150505 of waimai Super Cms. A remote attacker can exploit this vulnerability by sending the 'fcname' parameter to...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.00518 | Exploits: 0 | References: 1

CNVD
added 2018/08/15 12:0 a.m. | 7 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2018-17876)

Atlassian FishEye and Crucible are both products of the Australian company Atlassian, FishEye is a suite of software for deep viewing of source code repositories and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01677 | Exploits: 0 | References: 1

CNVD
added 2018/08/14 12:0 a.m. | 1 view

PHP Scripts Mall Myperfectresume/JobHero/Resume Clone Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Myperfectresume/JobHero/Resume Clone Script is a set of online resume generating website scripts by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Myperfectresume/JobHero/Resume Clone Script version 2.0.6, which can be exploited by remote...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00692 | Exploits: 1 | References: 1

BDU FSTEC
added 2018/08/14 12:0 a.m. | 6 views

The vulnerability of Medtronic MyCareLink Patient Monitor lies in the insufficient verification of data authenticity, allowing attackers to inject arbitrary information into the Medtronic CareLink network.

The vulnerability of Medtronic MyCareLink Patient Monitor relates to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker, operating remotely, to inject arbitrary information into the Medtronic CareLink network...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.00361 | Exploits: 0 | References: 3

CNVD
added 2018/08/10 12:0 a.m. | 5 views

EC-CUBE Payment Module and GMO-PG Payment Module Cross-Site Scripting Vulnerabilities

LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Japan. The platform supports product login, user evaluation, art layout, etc. EC-CUBE Payment Module and GMO-PG Payment Module are payment modules developed by Japan GMO Payment Gateway Company which are use...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00518 | Exploits: 0 | References: 1