156 matches found
CVE-2018-20627
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box...
CVE-2018-20627
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box...
CVE-2018-20627
CVE-2018-20627 concerns PHP Scripts Mall Consumer Reviews Script 4.0.3, where an HTML injection vulnerability is reported via the search box. The available connected documents confirm the affected product and the attack surface but do not provide concrete details on exploit specifics, affected ve...
CVE-2018-17420
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter...
Khan Academy: POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter
Hey there, while testing your program I came across a XSS vulnerability in the search area of your website. The vector uses HTTP POST request and the parameter is "pagesearchquery"" on www.khanacademy.org.tr/arama.asp In the next topics I will demonstrate how you can reproduce the vulnerability...
U.S. Dept Of Defense: sql injection on /messagecenter/messagingcenter at https://www.███████/
Hi , i would like to report an issues that lead to SQL injection in search box at https://www.████/messagecenter/messagingcenter , if you add the character ' that usually used to test if the site have in sql injection the site will return with Incorrect syntax error that can confirm the site is...
CVE-2018-10076
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality the search box of the Dashboard...
Server side request forgery (ssrf)
EasyCMS 1.3 has XSS via the s POST parameter aka a search box value in an index.php?s=/index/search/index.html request...
CVE-2018-10374
EasyCMS 1.3 has XSS via the s POST parameter aka a search box value in an index.php?s=/index/search/index.html request...
CVE-2018-10374
EasyCMS 1.3 is affected by a Cross‑Site Scripting (XSS) vulnerability in the s POST parameter (the value of the search box) sent to index.php?s=/index/search/index.html. The issue arises from XSS in that parameter, enabling injection of arbitrary script/HTML. This CVE entry corresponds to EasyCMS...
CVE-2018-10374
EasyCMS 1.3 has XSS via the s POST parameter aka a search box value in an index.php?s=/index/search/index.html request...
CVE-2018-9015
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...
Code injection
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...
CVE-2018-9015
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...
CVE-2018-9017
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...
CVE-2018-9017
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...
CVE-2018-9015
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...
CVE-2018-9015
CVE-2018-9015 affects dsmall v20180320, with a cross-site scripting (XSS) vulnerability exploitable via the public/index.php/home/predeposit/index.html page’s pdr_sn parameter (the CMS search box). The issue stems from unsanitized input in the pdr_sn field, enabling injection of arbitrary web scr...
CVE-2018-9017
CVE-2018-9017 affects dsmall v20180320 with a cross-site scripting (XSS) vulnerability可 in the public/index.php/home/membersnsfriend/findlist.html page via the member search box. CNVD/CNVD-2018-07558 describe a remote attacker injecting HTML/JavaScript to obtain sensitive information. The provide...
Microsoft SharePoint Limited Access Permission Bypass
vulnerability Title: Microsoft SharePoint 'Limited Access' Permission Bypass This vulnerability was discovered by 'Behnam Vanda' January 07, 2018 ====================== I. About Vulnerability ====================== A permission level bypass vulnerability has been identified in microsoft sharePoin...