10 matches found
CVE-2021-28935
CMS Made Simple CMSMS 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin My Preferences Title field...
Design/Logic Flaw
CMS Made Simple CMSMS 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin My Preferences Title field...
CVE-2021-28935
CMS Made Simple CMSMS 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin My Preferences Title field...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 unspecified parameters to apps/calendar/ajax/event/new.php or 2 url parameter to apps/bookmarks/ajax/addBookmark.php...
Code injection
CMS Made Simple CMSMS 2.2.5 has XSS in admin/addbookmark.php via the title parameter...
CVE-2018-5963
CMS Made Simple CMSMS 2.2.5 has XSS in admin/addbookmark.php via the title parameter...
CVE-2018-5963
CMS Made Simple CMSMS 2.2.5 has XSS in admin/addbookmark.php via the title parameter...
CVE-2018-5963
CMS Made Simple (CMSMS) 2.2.5 contains a cross-site scripting (XSS) vulnerability in admin/addbookmark.php exploitable via the title parameter. The issue, reported in multiple sources, is a client-side script injection risk in the CMSMS admin interface; no details on exploit vectors or specific p...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the 1 tag parameter to apps/bookmarks/ajax/addBookmark.php or 2 dir parameter to apps/files/ajax/newfile.php, which is passed to...
CVE-2012-4393
Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use 1 addBookmark.php, 2 delBookmark.php, or 3 editBookmark.php in bookmarks/ajax/; 4 calendar/delete.php, 5 calendar/edit.php...