27 matches found
CVE-2025-13671
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2025-9208
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-9208
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-13671
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2025-13671
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2025-9208
OpenText Web Site Management Server contains a stored XSS vulnerability (CVE-2025-9208) in the web page generation flow triggered by the download query parameter removal from a file URL. Affected versions are Web Site Management Server 16.7.x, 16.8, and 16.8.1. The CVSS base score is 7.5 (HIGH) w...
CVE-2025-9208 Stored-XSS vulnerability discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-13671 Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2025-13672 Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-13672
The CVE-2025-13672 entry describes a Reflected XSS in OpenText Web Site Management Server, affecting versions 16.7.0 and 16.7.1 . The issue arises from improper neutralization of input during web page generation, allowing malicious JavaScript to be injected via URL parameters and rendered in the ...
PT-2026-20944
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
OpenText Web Site Management Server 跨站脚本漏洞
OpenText Web Site Management Server is an enterprise content management system provided by OpenText Corporation in Canada. Versions 16.7.0 and 16.7.1 of OpenText Web Site Management Server contain cross-site scripting vulnerabilities. These vulnerabilities stem from improper handling of inputs...
Harbin Weicheng Technology Co., Ltd. eDa CMS has information leakage vulnerability
Yida CMS YidaCMS is a free open source web site management system based on Microsoft Windows IIS platform , using ASP language and ACCESS and MSSQL dual database development is completed . Harbin Weicheng Technology Co., Ltd. YidaCMS information leakage vulnerability, attackers can use the...
Blog Master Pro 1.0 - CSV Injection
Exploit Title: Blog Master Pro v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10255 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/blog-master-pro/21689781 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13 Release Date:...
Good fine web site management system through the kill 0day-vulnerability warning-the black bar safety net
inurl:Search. Asp? Range=Product&Keyword=inurl:ProductBuy. Asp? ProductNo=inurl: ProductShow. asp? ID= Proof user: http://www.xxx.com/hitcount.asp?lx=LiangJingCMSDownSort&id=1%20and%2 0 1=2%20un... inurl:Search. Asp? Range=Product&Keyword= inurl:ProductBuy. Asp? ProductNo= inurl: ProductShow. asp...
Century wind enterprise website management system vulnerability-vulnerability warning-the black bar safety net
by Mr. DzY Century wind enterprise website management system of SME-oriented Web Site Management System,page fine,atmosphere. Having a stable set of strong,multi-function,Safety,code loading speed,web site content management, easy operation and other advantages. The use of div+css architecture,is...
Century wind enterprise website management system plug horse vulnerabilities and fixes-vulnerability warning-the black bar safety net
From www.0855.tv by Mr. DzY Century wind enterprise website management system of SME-oriented Web Site Management System,page fine,atmosphere. Having a stable set of strong,multi-function,Safety,code loading speed,web site content management, easy operation and other advantages. The use of div+cs...
Driving school training web site management system v1. 0 vulnerability-vulnerability warning-the black bar safety net
% Set rsnews=Server. CreateObject"ADODB. RecordSet" sql="update news set hits=hits+1 where id="&cstrrequest"id" conn. execute sql Simple reuqest , and useless to specify the request. querystring or request. form,or request. cookie . EXP: http://localhost/jiaxiao/shownews.asp...
Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross Site Scripting Vulnerability
Qianbo Enterprise Web Site Management System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user- supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Qianbo Enterprise Web Site Management System XSS Vulnerability (Apr 2011)
Qianbo Enterprise Web Site Management System is prone to a cross-site scripting XSS vulnerability because it fails to sufficiently sanitize user-supplied data. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...