11 matches found
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in the victim's browser...
CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...
CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
Zomplog 3.9 - Cross site scripting Vulnerability
Exploit Title: Zomplog 3.9 - Cross-site scripting XSS Application: Zomplog Version: v3.9 Bugs: XSS Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Zomplog 3.9 - Multiple XSS & CSRF Vulnerabilities
No description provided by source...
Zomplog 3.9 - CSRF Vulnerability
No description provided by source...
XSS vulnerability in Zomplog
Vulnerability ID: HTB22642 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzomplog.html Product: Zomplog Vendor: Gerben Schmidt http://www.zomp.nl/zomplog/ Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cross Site...
Zomplog 3.9 - Multiple Cross-Site Scripting Cross-Site Request Forgery Vulnerabilities
Zomplog 3.9 - Multiple Cross-Site Scripting Cross-Site Request Forgery Vulnerabilities Vulnerability ID: HTB22643 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzomplog1.html Product: Zomplog Vendor: Gerben Schmidt http://www.zomp.nl/zomplog/ Vulnerable Version: 3.9 and probably pri...
Zomplog 3.9 XSS exploit-vulnerability warning-the black bar safety net
Vulnerable file: index.php. Vulnerable code:
// some general xxs protection
$_GET['search'] = str_replace('script', '', $_GET['search']);
$_GET['username'] = str_replace('script', '', $_GET['username']);
The code only removes the script keyword, so the page is vulnerable to XSS attack. POC...
zomplog39-xss.txt
Greetings to --d3hydr8 -r45c4l -baltazar -sinner01 -C1c4Tr1Z - Gabitzu and all darkc0de members ; Author: swappie aka faithlove Email : [email protected] Do researching and share! ; Title: ZompLog 3.9 beta CMS Link: http://www.zomp.nl/user-content/downloads/zomplog/zomplog3.9-beta.zip...