Lucene search
K

109 matches found

CNVD
CNVD
added 2017/04/04 12:0 a.m.3 views

Stored Cross-Site Scripting Vulnerability in PageAdmin CMS Online Message Feature

PageAdmin CMS is an enterprise building system based on PHP and mysql technology. A stored cross-site scripting vulnerability exists in the online message function of PageAdmin CMS. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in...

6.4AI score
Exploits0
CNVD
CNVD
added 2017/03/22 12:0 a.m.2 views

Multiple vulnerabilities in jeecms JSPGOU

jspgou is based on java technology development of e-commerce management software. jeecms JSPGOU has stored cross-site scripting, CSRF and arbitrary file reading vulnerabilities. Due to the front-end input filtering is not strict, the background operation does not verify the source , allowing...

7AI score
Exploits0
CNVD
CNVD
added 2017/03/03 12:0 a.m.3 views

OEcms enterprise website system system url parameter exists stored cross-site scripting vulnerability

OEcms enterprise website system system is developed by OEcms technology OEdev based on the development of OEPHP architecture system to develop a set of enterprise building system. OEcms enterprise website system system there are stored cross-site scripting vulnerabilities. Due to poor filtering o...

5.8AI score
Exploits0
CNVD
CNVD
added 2016/12/09 12:0 a.m.4 views

XSS Cross-Site Scripting Vulnerability in Apabi Thesis Authorization Submission System of Beijing Founder Apabi Technology Co.

Apabi Thesis Authorization Submission System is a thesis submission system that can be used by college libraries to collect students' theses developed by Beijing Founder Apabi Technology Co. A cross-site scripting vulnerability exists in the Apabi Thesis Authorization Submission System of Beijing...

6.4AI score
Exploits0
CNVD
CNVD
added 2016/11/25 12:0 a.m.1 views

XSS Cross-Site Scripting Vulnerability and CSRF Vulnerability in OpenPortal Network Access System

OpenPortal network access authentication system supports standard Portal protocol, Portal V1 V2 protocol, CMCC protocol, WISPr protocol and PAP CHAP authentication, widely used in smart communities, smart cities, smart hospitals, plazas, large-scale supermarkets, hotels, tourist attractions,...

6.3AI score
Exploits0
CNVD
CNVD
added 2016/10/19 12:0 a.m.4 views

XSS Vulnerability in NetEase Email Master Client PC Version

NetEase Mail Master client is a universal email client launched by NetEase 163. An XSS vulnerability exists in the PC version Ver2.4.1.8 of the NetEase Mail Master client. It allows attackers to insert malicious js code into the page to obtain user cookies and other information, leading to user...

6.5AI score
Exploits0References1
CVE
CVE
added 2016/10/05 5:0 p.m.47 views

CVE-2016-6417

Cisco FireSIGHT System Software (4.10.2–6.1.0) and Firepower Management Center are affected by CVE-2016-6417, a Cross‑Site Request Forgery vulnerability that lets remote attackers hijack the authentication of arbitrary users. The underlying issue is CSRF in the management interfaces, enabling una...

8.8CVSS8.9AI score0.00629EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/09/02 12:0 a.m.1 views

SQL Injection and XSS Vulnerabilities in Centro InfoTech Web Management System Wim V1.03

Ltd. is Huaibei Shengtuo Information Technology Co., Ltd. is Huaibei website construction, website optimization, 400 telephone for, short message group sending, software development, Internet industry companies. SQL injection and XSS vulnerability exists in version 1.03 of Centro InfoTech's websi...

7.2AI score
Exploits0
CNVD
CNVD
added 2016/08/19 12:0 a.m.3 views

Cygnus eMail Client - Email Content Cross-Site Scripting Vulnerability

Cygnus EaseMail Client is a professional e-mail client software for sending, receiving and managing e-mails, supporting the import of certificates and encrypted sending. A cross-site scripting vulnerability exists in the Cygnus Ease Mail client. It allows attackers to insert malicious js code int...

6.4AI score
Exploits0
CNVD
CNVD
added 2016/07/11 12:0 a.m.3 views

Imperial Download System V2.5 Link Injection and Stored Cross-site Vulnerabilities

Empire Download System" is a code completely open source, dedicated to the website information download and online video site to provide solutions. The system V2.5 a module in the background there are link injection and cross-site vulnerabilities, the attacker inserted malicious code in the page ...

7AI score
Exploits0
CNVD
CNVD
added 2016/03/21 12:0 a.m.4 views

Cross-Site Scripting Vulnerability in Dreammail Email Client

DreamMail is a professional e-mail client software for sending, receiving and managing e-mail. A cross-site scripting vulnerability exists in the Dreammail Ver 5.16.1003.1015 email client. It allows an attacker to insert malicious js code into a page to obtain user cookies and other information,...

6.4AI score
Exploits0
CNVD
CNVD
added 2016/01/29 12:0 a.m.3 views

Positive ZDsoft Employment Management System suffers from XSS Cross-Site Scripting Vulnerability

Positive ZDsoft Employment Management System is a website generation system. The Zhengfang ZDsoft Employment Management System suffers from an XSS cross-site scripting vulnerability. It allows an attacker to insert malicious js code into a page to obtain user cookies and other information, leadin...

6AI score
Exploits0
NVD
NVD
added 2015/08/25 1:59 a.m.15 views

CVE-2015-6262

Cross-site request forgery CSRF vulnerability in Cisco Prime Infrastructure 1.20.103 and 2.00.0 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059...

6.8CVSS7.2AI score0.00996EPSS
Exploits0References2
NVD
NVD
added 2015/08/20 10:59 a.m.12 views

CVE-2015-0542

Multiple cross-site request forgery CSRF vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users...

6.8CVSS7.3AI score0.00981EPSS
Exploits0References3
Prion
Prion
added 2015/07/22 2:59 p.m.19 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146...

6.8CVSS7.7AI score0.00981EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/01/15 10:59 p.m.18 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Cisco Unified Communications Domain Manager UCDM 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055...

6.8CVSS7.7AI score0.01267EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2014/09/17 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-2347-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS6.4AI score0.02449EPSS
Exploits1References2
Prion
Prion
added 2014/09/10 10:55 a.m.26 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS...

6CVSS6.4AI score0.00662EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2013/10/11 9:55 p.m.21 views

CVE-2013-4306

Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...

6.8CVSS7.2AI score0.00897EPSS
Exploits0References7
NVD
NVD
added 2013/10/01 7:55 p.m.22 views

CVE-2013-3963

Cross-site request forgery CSRF vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WPHD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified...

6.8CVSS7.2AI score0.00965EPSS
Exploits1References1
Rows per page
Query Builder