31 matches found
CVE-2022-2740
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiate...
Shoplazza 1.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...
CVE-2022-4596
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2022-4596
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2022-4596 Shoplazza Add Blog Post cross site scripting
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
PT-2022-27700 · Shoplazza · Shoplazza
Name of the Vulnerable Software and Affected Versions: Shoplazza version 1.1 Description: A problematic issue has been found in the processing of the file "/admin/api/admin/articles/" of the component Add Blog Post Handler. The manipulation of the Title argument leads to cross-site scripting. The...
Shoplazza 1.1 Cross Site Scripting
Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage Blogs"...
CVE-2022-2740 SourceCodester Company Website CMS Add Blog add-blog.php unrestricted upload
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiate...
Company Website CMS 代码问题漏洞
Company Website CMS is a company website/CMS by Torrahclef Individual Developer. Company Website CMS suffers from a code issue vulnerability that stems from an unrestricted upload due to the manipulation of the parameter ufile in an unknown portion of code in its add blog content component...
Company Website CMS 跨站脚本漏洞
Company Website CMS is a company website/CMS by Torrahclef Personal Developer. Company Website CMS suffers from a cross-site scripting vulnerability that stems from some unknown functionality in the file add-blog.php being affected, resulting in cross-site scripting, where attacks can be launched...
GHSA-M2R2-QC49-GQW4 Gleez CMS Stored XSS
Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...
Gleez CMS Stored XSS
Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
Cross site scripting
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
PT-2022-12511 · Unknown · Mysiteforme
Name of the Vulnerable Software and Affected Versions: mysiteforme affected versions not specified Description: The issue concerns a Cross Site Scripting XSS vulnerability via the add blog tag function in the background blog management. This allows for potential malicious script execution...
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...