75 matches found
PHP-Calendar 跨站脚本漏洞
PHP-Calendar is a calendar application by Sean Proctor Individual Developer. PHP-Calendar suffers from a code injection vulnerability that originates in an unknown section of the component index.php, where manipulation of the parameter $SERVER PHPSELF can lead to cross-site scripting...
PT-2022-27234
Name of the Vulnerable Software and Affected Versions sproctor php-calendar affected versions not specified Description A problematic vulnerability was found in sproctor php-calendar, affecting an unknown part of the file index.php. The manipulation of the argument $ SERVER'PHP SELF' leads to cro...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted PATHINFO in a URL. An attacker can inject arbitrary code by manipulating the unsanitized $SERVER'PHPSELF' used to generate URLs. Details Cross-site scriptin...
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
WordPress plugin Custom TinyMCE Shortcode Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Custom TinyMCE Shortcode Buttons plugin version 1.1 and earlier is vulnerable to a...
WordPress plugin Advanced Image Sitemap 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Advanced Image Sitemaps plugin 1.2 and earlier versions are vulnerable to a cross-site scripting...
CVE-2021-38327
The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0...
CVE-2021-38332
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin WP Scrippets 1.5.1 and earlier versions, which stems from a lack of valid validation and escaping of the $SERVER"PHPSELEF" value in /wp-scrippets. An attacker...
CVE-2021-39322
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
CVE-2021-34663
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
Cacti cross-site scripting vulnerability (CNVD-2018-08667)
Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. Cacti suffers from a cross-site scripting vulnerability. The vulnerability arises because the getcurrentpage function in lib/functions.php relies on...
phpMyAdmin Injection Attack Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...
CVE-2009-5077
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHPSELF variable, which is not properly handled by 1 includes/applicationtop.php and 2 admin/includes/applicationtop.php...
PT-2011-1331 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions prior to 6.2.14 Description: The issue allows remote attackers to bypass authentication and gain administrator privileges. This is related to a modified PHP SELF variable, which is not properly handled by includes in the...