27 matches found
PuneethReddyHC Event Management Security Vulnerability
PuneethReddyHC Event Management is an application by individual developer Puneeth Reddy H C that helps users register for events organized at university festivals with simple logic and security. A security vulnerability exists in PuneethReddyHC Event Management version 1.0, which stems from...
IdeaCMS Command Injection Vulnerability
IdeaCMS is an open source shopping mall system by IdeaCMS. A command injection vulnerability exists in IdeaCMS 1.8 and earlier versions, which stems from incorrect manipulation of the parameter site name in the file app/common/logic/admin/Config.php, which could lead to a command injection attack...
Traffic Offense Reporting System save-settings.php file cross-site scripting vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the sitename parameter in the save-settings.php file...
CVE-2025-5661
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...
Code-Projects Traffic Offense Reporting System Code Injection Vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the sitename parameter in the save-settings.php file...
PT-2025-23932
Name of the Vulnerable Software and Affected Versions: code-projects Traffic Offense Reporting System version 1.0 Description: A problematic issue was found in the code-projects Traffic Offense Reporting System, affecting the /save-settings.php file of the Setting Handler component. The manipulatio...
CVE-2021-38710
Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...
Directory traversal
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...
CVE-2022-3464
A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument sitename leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...
PT-2022-22262 · Puppycms · Puppycms
Name of the Vulnerable Software and Affected Versions: puppyCMS versions up to 5.1 Description: A problematic issue has been found in puppyCMS, affecting an unknown part of the file /admin/settings.php. The manipulation of the site name argument leads to cross-site scripting. It is possible to...
puppyCMS Cross-Site Scripting Vulnerability
puppyCMS is a flat-file CMS software application. A security vulnerability exists in puppyCMS versions prior to 5.1, which originates in an unknown section of the file /admin/settings.php, where the action parameter sitename leads to cross-site scripting (XSS)...
Cross site scripting
Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...
Github yclas Cross-Site Scripting Vulnerability
Github yclas is a powerful script that can convert any domain into a fully customizable classified ads site in seconds. A cross-site scripting vulnerability exists in Yclas version 4.3.0, which stems from the fact that the software's install/view/form.php does not validate and escape the SITENAME...
baigo CMS Cross-Site Scripting Vulnerability
baigo CMS is a PHP-based open source web content management system. A cross-site scripting vulnerability exists in baigo CMS 2.1.1. A remote attacker can use this vulnerability to inject arbitrary Web script or HTML via the optbaseBGSITENAME parameter of the bgconsole/index.php?m=opt&c=request UR...
CVE-2019-9226
An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the optbaseBGSITENAME parameter to the bgconsole/index.php?m=opt&c=request URI...
DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00996)
DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/system.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-20558
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the sitename parameter...