12 matches found
EUVD-2018-6842
Malware in sbrugna...
EUVD-2018-6437
Malware in sbrugna...
CSRF Vulnerability in School Worry-free Enterprise Website System v1.7
School carefree enterprise website system Xiao5uCompany is a set of enterprise-oriented rapid website building system. The system uses Div and CSS layout, compatible with IE and other browsers. There is a CSRF vulnerability in version v1.7 of Xiao5uCompany, which can be exploited by remote...
CVE-2018-14960
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp...
CVE-2018-14960
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp...
CVE-2018-14960
CVE-2018-14960 affects Xiao5uCompany 1.7. The vulnerability is a CSRF via admin/Admin.asp, allowing remote attackers to add administrator or other user accounts (per CNVD CNVD-2018-17499). Impact and exploit details: the CSRF could compromise account management, potentially affecting all users th...
CVE-2018-14960
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp...
CVE-2018-14527
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...
Cross site scripting
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...
CVE-2018-14527
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...
CVE-2018-14527
CVE-2018-14527 affects Xiao5uCompany/“Xiao5uCompany” v1.7. Reported as an XSS vulnerability where Feedback.asp is not adequately protected by Safe.asp (e.g., it handles SCRIPT/IMG but not VIDEO). CNVD sources describe a stored XSS in School Worry-free Enterprise Website System v1.7, enabling an a...
Storage-based Cross-site Scripting Vulnerability in School Worry-free Enterprise Website System v1.7
School carefree enterprise website system Xiao5uCompany is a set of company and enterprise-oriented website building system. A stored cross-site scripting vulnerability exists in XiaowuCompany v1.7. An attacker can use the vulnerability to insert malicious js code into the page, obtain user cooki...