16 matches found
CVE-2024-57159
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html...
CVE-2024-51157
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html...
CVE-2020-23595
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-90910)
YzmCMS is a lightweight open source content management system based on a PHP and MySQL architecture, developed solely by Yuan Zhimeng. A cross-site scripting vulnerability exists in the /link/add.html component of YzmCMS version 5.3. An attacker can use this vulnerability to execute arbitrary Web scripts ...
CVE-2020-23373
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2020-23373
CVE-2020-23373 affects NoneCMS v1.3.0, with an XSS in admin/nav/add.html. The underlying issue is that the name parameter can trigger injection of arbitrary script/HTML by remote authenticated attackers. Public details across CNVD/NVD OSV entries consistently describe the same vector and impact; ...
CVE-2020-23376
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack...
SQL injection
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
CVE-2019-11451
CVE-2019-11451 affects the web app "whatsns 4.0". A SQL injection vulnerability exists in the parameterized endpoint: index.php?inform/add.html with the qid parameter. The root cause is unsanitized input leading to SQL injection, enabling an attacker to potentially read/modify data and affect ava...
CVE-2019-11451
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
CVE-2018-20015
YzmCMS 5.2 contains a CSRF vulnerability in admin/role/add.html. The CVE entry notes a CSRF weakness with a CVSSv3 base score of 8.8 (HIGH). Attack vector is NETWORK, with no privileges required, but user interaction is required, and impacts are HIGH for confidentiality, integrity, and availabili...
CVE-2018-19138
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...
Cross-site request forgery (CSRF)
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...
CVE-2018-19138
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...
Cross-site request forgery (CSRF)
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI...
CVE-2018-16449
CVE-2018-16449 affects OneThink 1.1.141212, enabling cross-site request forgery (CSRF) to perform admin actions: adding a page (admin.php?s=/Channel/add.html), adding a blog (admin.php?s=/Article/update.html), and changing audit state (admin.php?s=/Article/setStatus/status/1.html). The connected ...