20 matches found
CVE-2026-41933
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
EUVD-2026-30294
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
CVE-2020-37214
CVE-2020-37214 affects Voyager 1.3.0 and is a directory traversal vulnerability in the asset path parameter used by the /admin/voyager-assets endpoint, allowing an attacker to read arbitrary files such as /etc/passwd and .env. The provided metrics show a high impact with both CVSS 3.1 (base score...
CVE-2024-54937
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets...
PT-2024-36455 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0. Description: A Directory Listing issue allows remote attackers to access sensitive files and directories via the "/admin/assets" API endpoint. This issue enables unauthorized access to...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit the vulnerability to access sensitive files and directories via /admin/assets...
Online Shopping Portal empty_table.php file cross-site scripting vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...
Online Shopping Portal html_table.php File Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...
Online Shopping Portal /admin/assets Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that originates from the parameter scripts in file /admin/assets/plugins/DataTables/media/unittesting/templates/complexheader2.php that is not validly filtered and escaped by...
CVE-2024-10755
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unittesting/templates/emptytable.php. The manipulation of the argument scripts leads to cross site scripting. It is...
CVE-2024-10747
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unittesting/templates/domdatath.php. The manipulation of the argument scripts leads to cross site scripting. The...
CVE-2024-7912
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely...
PT-2024-38679 · Unknown · Codeastro Online Railway Reservation System
Name of the Vulnerable Software and Affected Versions: CodeAstro Online Railway Reservation System version 1.0. Description: A vulnerability was found in the system, affecting unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The...
CVE-2020-27956
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=managecar because .php files can be uploaded to admin/assets/uploads/ under the web root...
Cross-site Scripting (XSS) Through SVG Documents
silverstripe/installer and silverstripe/framework are vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the Insert Media option within the content editor and the admin/assets/add pathname allow attackers to insert SVG documents containing arbitrary JavaScript...
Code injection
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
CVE-2017-14498
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2)...