59 matches found
CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14011
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...
PT-2025-49106
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
JIZHICMS 代码注入漏洞
JIZHICMS Jizhi CMS is a set of open source content management system CMS of China Jizhi JIZHI company. A code injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter body in the file /index.php/admins/Comment/addcomment.html,...
JIZHICMS SQL注入漏洞
JIZHICMS Jizhi CMS is an open source content management system CMS from China Jizhi JIZHI. A SQL injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter aid/tid in the file /index.php/admins/Comment/addcomment.html, which may...
EUVD-2018-17142
Malware in sbrugna...
MAL-2024-7500 Malicious code in sap-addcomment (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8df2eaaea1ef6b7bc78fa9ed808cd5b2150abf1c7f9dd98694505388e77b589 The OpenSSF Package Analysis project identified 'sap-addcomment' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-addcomment (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8df2eaaea1ef6b7bc78fa9ed808cd5b2150abf1c7f9dd98694505388e77b589 The OpenSSF Package Analysis project identified 'sap-addcomment' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-3943
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodoaddcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via...
PT-2024-5069 · WordPress · Wp To Do
Name of the Vulnerable Software and Affected Versions: WP To Do plugin versions up to, and including, 1.3.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability due to missing or incorrect nonce validation on the wptodo addcomment function. This allows...
CVE-2023-4713
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-4713
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...
Sql injection
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-4713 IBOS OA addcomment addComment sql injection
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-4713
The CVE-2023-4713 entry concerns IBOS OA 4.5.5 where the addComment function at ?r=weibo/comment/addcomment is vulnerable to SQL injection via the touid parameter. The vulnerability is described as critical, with potential high impact on confidentiality, integrity, and availability. The root caus...
CVE-2023-4713 IBOS OA addcomment addComment sql injection
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that incorrect manipulation of the touid in the addComment function of ?r=weibo/comment/addcomment can lead to SQL injection...
CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function...
ZrLog 跨站脚本漏洞
ZrLog is a blogging system developed using the Java language. A cross-site scripting XSS vulnerability exists in ZrLog version 2.1.3. An attacker can exploit this vulnerability to execute arbitrary code via the nickname parameter of the /post/addComment function...