9 matches found
cskefu Security Vulnerability
cskefu Chunsong Customer Service is an open-source, free intelligent customer service system developed by Chatopera in China. cskefu versions 8.0.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the url parameter by the Endpoint component in...
kodbox Code Issue Vulnerability
kodbox is a web file manager by individual developer warlee. A code issue vulnerability exists in kodbox version 1.61; it stems from server-side request forgery caused by improper handling of the url parameter in the file /?explorer/upload/serverDownload...
Wing FTP Server Security Vulnerability
Wing FTP Server is a set of cross-platform FTP server software open-sourced by Wing FTP Server. A security vulnerability exists in versions of Wing FTP Server prior to 7.4.4, which stems from failure to properly validate and sanitize the url parameter of the downloadpass.html endpoint, which coul...
CVE-2023-3540
A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack...
CVE-2023-3539
A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated...
CVE-2023-3535
A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2023-29211 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...
MobiSoft MobiPlus Security Vulnerability
MobiSoft MobiPlus is a leading integrated solution for sales and distribution activities from MobiSoft Israel. MobiSoft MobiPlus suffers from a security vulnerability that originates from a MobiSoft user takeover and improper handling of url parameters. The vulnerability can be...
CVE-2020-7741 Cross-site Scripting (XSS)
This affects the package hellojs before 1.18.6. The code gets the param oauthredirect from the url and passes it to location.assign without any check or sanitisation. So we can simply pass some XSS payloads into the url param oauthredirect, such as javascript:alert1...