75 matches found
GHSA-PVPG-9553-F979 Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...
Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...
CVE-2022-28060
SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...
CVE-2022-28060
SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...
Victor CMS SQL注入漏洞
Victor CMS is an open source content management system by Victor Alagwu, a personal developer in Nigeria. v1.0 of Victor CMS is vulnerable to SQL injection, which originates from the username parameter in /includes/login.php, and can be exploited by attackers to inject queries in /CMSsite/ throug...
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
CVE-2020-25476
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...
CVE-2020-25476
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
TP-Link EAP Controller and Omada Controller Cross-Site Scripting Vulnerability (CNVD-2018-09302)
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A cross-site scripting vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows. A remote attacker can...
SQL injection vulnerability in the user_name parameter of Request.aspx page of Nanjing Fargo Streaming Media System.
Nanjing Fargo streaming media system is mainly used for applications such as network TV, live event broadcasting, remote education, enterprise roadshow and multimedia public information service, etc. The system integrates computer, network, audio/video and mobile communication and other related...
CVE-2016-1596
Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...
Stored XSS in ViewWorkflowTransition.jsp
Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...
CVE-2009-1228
Cross-site scripting XSS vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field username parameter...
CVE-2008-6096
Cross-site scripting XSS vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the 1 web interface login page or the 2 telnet login page...