3 matches found
CVE-2020-10410
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-user.php by adding a question mark ? followed by the payload...
EUVD-2025-198002
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. The vendor was notified early about this...
PT-2025-47308
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery CSRF attacks in the user editing functionality. The existing CSRF protection can be...