13 matches found
EUVD-2018-8576
Malware in sbrugna...
CVE-2019-17522
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the adminindex.php?page=settings SITE NAME field aka SITENAME, a related issue to CVE-2011-4709.1...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source a java-based development of blog/CMS site building platform. A security vulnerability exists in PerfreeBlog version 4.0.11, which originates from a stored cross-site script in the site name field of the background system settings interface...
CVE-2024-27734
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component...
CSZ CMS 安全漏洞
CSZ CMS is a PHP-based open source content management system CMS. A cross-site scripting vulnerability exists in CSZ CMS version 1.3.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Site Name field, and can be exploited by an attacker to execute...
OpenEMR 跨站脚本漏洞
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR prior to version 7.0.1. The...
CVE-2020-7236
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= Site Name field of the Site Setup section...
CVE-2019-17667
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...
baigoStudio baigoSSO Code Injection Vulnerability
baigoStudio baigoSSO is a single sign-on system. A security vulnerability exists in baigoStudio baigoSSO v3.0.1. The vulnerability can be exploited by a remote attacker to execute arbitrary PHP code via the site name field in the base configuration...
CVE-2019-10015
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BGSITENAME field in the optbase.inc.php file...
JPress Cross-Site Scripting Vulnerability
JPress is a set of blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...
Clipper CMS 1.3.3 Cross Site Scripting
Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field Date: 05/27/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://www.clippercms.com/ Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper1.3.3 Version: 1.3.3 Tested on:...
ClipperCMS Cross-Site Scripting Vulnerability
ClipperCMS is a content management system CMS. A cross-site scripting vulnerability exists in the 'Site Name' field of the 'site' tag under configuration in ClipperCMS version 1.3.3. A remote attacker can exploit this vulnerability by sending a specially crafted site name to the...