643 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in...
Insolar: XDSI (Cross Domain Script Inclusion)
Summary: As I did not get the proper CWE id over id to add but the proper CWE id is 829: The page includes one or more script files from a third-party domain. Here you are including in your website, someone else's code; you don't have any control over what is in that code, and you don't have any...
EulerOS Virtualization for ARM 64 3.0.5.0 : patch (EulerOS-SA-2020-1065)
According to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil...
elearning-script 1.0 - Authentication Bypass
Exploit Title: elearning-script 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-29 Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: E...
SQL injection vulnerability in in***.php page of S-CMS government website builder system
The S-CMS government website building system is a dedicated government website building solution developed by Zibo Shining Network Technology Co., Ltd. A SQL injection vulnerability exists in the in.php page of the S-CMS government website building system; attackers can use the vulnerability to obtain...
PHP Scripts Mall Advance B2B Script Directory Traversal Vulnerability
PHP Scripts Mall Advance B2B Script is a set of PHP-based scripts for B2B business-to-business trading websites. PHP Scripts Mall Advance B2B Script 2.1.4 suffers from a directory traversal vulnerability, which can be exploited to achieve directory traversal by directly requesting an image...
CVE-2018-12308
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...
MiniCMS Arbitrary PHP Code Execution Vulnerability
MiniCMS is a micro content management system designed for personal websites. An arbitrary PHP code execution vulnerability exists in MiniCMS 1.10. An attacker can exploit this vulnerability to execute arbitrary PHP code via the install.php sitename parameter...
PT-2018-14397 · Alchemycms · Alchemycms
Name of the Vulnerable Software and Affected Versions: AlchemyCMS version 4.1.0 Description: A Stored XSS issue has been found in AlchemyCMS via the "/admin/pictures" image field. The vendor disputes the validity of this report, stating that the researcher used an authorized cookie to access a...
LibreHealthIO LH-EHR Arbitrary File Write Vulnerability (CNVD-2019-21231)
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the letter.php file in the LibreHealthIO LH-EHR REL-2.0.0 release, which can be exploited to write a file with malicious content and...
CVE-2018-15182
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields...
CVE-2018-5110
This CVE (CVE-2018-5110) affects Firefox on macOS (OS X) prior to version 58. The issue occurs when cursor visibility is toggled by script from 'none' to an image and back, rendering the cursor temporarily invisible. The description does not specify the exact root cause beyond this behavior, nor ...
Directory traversal
The 'checksum' parameter of the '/common/downloadattachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script...
CVE-2018-11501
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...
Jease Cross-Site Scripting Vulnerability (CNVD-2018-04746)
Jease is an open source content management system (CMS) written in Java. A cross-site scripting vulnerability exists in Jease. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
CVE-2018-7469
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the pname (aka Edit Category Name) field to admin/categoriesindustry.php (aka Categories - Industry Type)...
PHP Scripts Mall Select Your College Script SQL Injection Vulnerability
PHP Scripts Mall Select Your College Script is a PHP based categorized search script for higher education institutions by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Select Your College Script version 2.0.2. A remote attacker can exploit this vulnerability to...
CVE-2017-17983
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php memid parameter...
Design/Logic Flaw
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter...
PHP Scripts Mall Readymade PHP Classified Script SQL Injection Vulnerability
PHP Scripts Mall Readymade PHP Classified Script is a PHP based classifieds website script by PHP Scripts Mall India. The script supports online sales, classified ads and real estate information display. A SQL injection vulnerability exists in PHP Scripts Mall Readymade PHP Classified Script...