23 matches found
EUVD-2019-5217
Malware in sbrugna...
EUVD-2019-5216
Malware in sbrugna...
EUVD-2019-5215
Malware in sbrugna...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator=update admin password change...
CVE-2019-13950
index.php?c=admin=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
SyGuestBook A5 Cross-Site Request Forgery Vulnerability
SyGuestBook A5 is a PHP-based open source message board system . A cross-site request forgery vulnerability exists in SyGuestBook A5 version 1.2. An attacker can use this vulnerability to change the administrator password...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
Cross site request forgery (csrf)
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
Cross site scripting
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
Cross site scripting
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13950
CVE-2019-13950 affects SyGuestBook A5 Version 1.2. The issue is a stored XSS in index.php?c=admin&a=index introduced via a reply to a comment. Root cause described in CNVD as lack of proper validation of client-side data by the WEB application. Impact stated in sources as client-side code executi...
CVE-2019-13949
The CVE-2019-13949 entry documents a CSRF vulnerability in SyGuestBook A5 Version 1.2 where there is no CSRF protection. The underlying issue allows an attacker to trigger a request to index.php?c=Administrator&a=update (admin password change) without authentication, enabling unauthorized admin p...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...