262 matches found
Cross-site scripting
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2020-13427
CVE-2020-13827
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php...
Design/Logic Flaw
CVE-2018-20590
CVE-2018-20590 affects the Ivan Cordoba Generic Content Management System (CMS) up to 2018-04-28. The vulnerability is a Cross-Site Scripting (XSS) flaw in the file or path used by the Administrator/users.php user ID. The linked CNVD entry describes that the XSS can allow execution of arbitrary J...
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...
CVE-2018-17085
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN, dataMode, dataModeStr...
Design/Logic Flaw
CVE-2018-17085
CVE-2018-17085 affects OTCMS 3.61. The vulnerability is a cross-site scripting (XSS) flaw in admin/users.php exploitable via the dataTypeCN, dataMode, and dataModeStr parameters. Exploitation status is not documented in the provided materials. The CNVD entry similarly describes an XSS vector in O...
CVE-2018-11535
An issue was discovered in SITEMAKIN SLAC Site Login and Access Control v1.0. The parameter "myitemsearch" in users.php is exploitable using SQL injection...
SQL injection
Cross-site request forgery (CSRF)
I, Librarian version 4.8 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge...
CVE-2018-1000137
CVE-2018-7176
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page)...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number)...
CVE-2018-5690
CVE-2018-5690
CVE-2018-5690 is an XSS vulnerability in Dotclear 2.12.1 affecting the admin/users.php page. The issue occurs when processing the nb parameter (page limit number), allowing remote authenticated users to inject arbitrary web script or HTML. The affected component is the admin interface (users mana...