Lucene search
K

67 matches found

OSV
OSV
added 2018/12/28 4:29 p.m.1 views

CVE-2018-20561

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter...

4.8CVSS5.8AI score0.00534EPSS
Exploits1References1
OSV
OSV
added 2018/12/28 4:29 p.m.5 views

CVE-2018-20562

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/articlecategory.php?rec=update has XSS via the catname parameter...

4.8CVSS5.8AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/04 12:0 a.m.3 views

iCMS Cross-Site Request Forgery Vulnerability

iCMS is a content management system CMS built with PHP and MySQL databases. A cross-site request forgery vulnerability exists in iCMS version 7.0.9, which can be exploited by remote attackers with the help of the admincp.php?app=article&do=update page to make administrators review and approve any...

8.8CVSS8.8AI score0.00614EPSS
Exploits1References1
OSV
OSV
added 2018/08/20 1:29 a.m.5 views

CVE-2018-15566

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1
CNVD
CNVD
added 2017/08/27 12:0 a.m.1 views

TUTUCMS system admin\Article.php page order parameter has SQL injection vulnerability

TUTUCMS is a set of CMS management program focusing on the development of image-based websites, using PHP+MYSQL architecture, which can run on different platforms Windows, Linux, Unix. A SQL injection vulnerability exists in the order parameter of the admin\Article.php page of the TUTUCMS system...

7.7AI score
Exploits0
CNVD
CNVD
added 2017/04/14 12:0 a.m.2 views

TUTUCMS system admin\Article.php page by parameter has SQL injection vulnerability

TUTUCMS is a CMS management program developed for image-based websites. A SQL injection vulnerability exists in the admin\Article.php page of the TUTUCMS system. The lack of filtering of the 'by' parameter allows an attacker to exploit the vulnerability to obtain sensitive information from the...

7.6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2010/05/20 5:30 p.m.3 views

CVE-2010-1995

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the 1 title, 2 subTitle, and 3 author parameters in conjunction with a /admin/news/article/add...

2.1CVSS5.3AI score0.01014EPSS
Exploits0References10
Rows per page
Query Builder