67 matches found
RosarioSIS cross-site scripting vulnerability
RosarioSIS is a student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS version 8.2.1, which stems from a lack of validation and filtering of user-supplied data and output. An attacker can...
PT-2020-14549 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax dashboard.php file,...
PT-2020-11987 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions for CentOS 6 and 7 Description: The issue allows SQL Injection via the "/cwp SESSION HASH/admin/loader ajax.php" API endpoint, specifically through the term parameter. This enables potential attackers to inject...
wp-live-chat-support cross-site scripting vulnerability
WP Live Chat Support is a feature-rich live chat plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress wp-live-chat-support plugin prior to version 8.0.18, which stems from the program failing to properly encode parameters. A remote attacker can exploit this vulnerabili...
CVE-2018-18460
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...
CVE-2018-18460
CVE-2018-18460 affects the WordPress plugin wp-live-chat-support version 8.0.15. The vulnerability is a Cross-Site Scripting (XSS) flaw in the file modules/gdpr.php that can be triggered via the parameter term in requests to the admin endpoint /wp-admin/admin.php on the page wplivechat-menu-gdpr...
PT-2018-14475 · WordPress · Wp-Live-Chat-Support
Name of the Vulnerable Software and Affected Versions: wp-live-chat-support version 8.0.15 Description: A security issue exists in the wp-live-chat-support plugin for WordPress. The problem is related to the term parameter in the "modules/gdpr.php" file. This issue can be exploited through a...
CVE-2018-17377
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter...
FUEL CMS SQL Injection Vulnerability
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.1 suffers from a SQL injection vulnerability that can be exploited by an attacker via the layout, published or searchterm parameters of pages/items...
OpenEMR SQL Injection Vulnerability (CNVD-2019-10146)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A SQL injection vulnerability exists in interface/deidentificationforms/finddrugpopup.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by remote attackers to execute arbitrary SQL...
CVE-2018-9122
In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI...
Crea8Social cross-site scripting vulnerability (CNVD-2018-07586)
Crea8social is a PHP-based social networking platform developed by Nigerian software developer Tiamiyu Waliu Kola. A cross-site scripting vulnerability exists in Crea8social version 2018.2. A remote attacker can exploit the vulnerability by sending the 'term' parameter to the /search URI to injec...
CVE-2017-14403
The EyesOfNetwork web interface aka eonweb 5.1-0 has SQL injection via the term parameter to module/admingroup/search.php...
CVE-2017-5345
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI...
OIC Exponent CMS SQL Injection Vulnerability (CNVD-2016-11262)
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. An SQL injection vulnerabilit...
CVE-2011-5209
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter...
CVE-2008-5628
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter...