36 matches found
CVE-2018-16325
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field...
CVE-2018-16325
GetSimple CMS 3.4.0.9 is affected by stored/reflected XSS via the admin/edit.php title field (CVE-2018-16325). The available connected documents confirm XSS in the title input, but do not provide exploitation details or a patch/mitigation entry. No explicit root-cause or vulnerable vector beyond...
CVE-2018-15843
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field...
CVE-2018-15843
GetSimple CMS 3.3.14 is vulnerable to Cross-Site Scripting (XSS) through the admin/edit.php “Add New Page” field. The CNVD entry attributes the issue to inadequate filtering of the Add New Page input in GetSimple CMS 3.3.14, enabling a remote attacker to inject arbitrary web script or HTML. The C...
Directory traversal
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
CVE-2015-5481
The CVE-2015-5481 entry documents a cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. It affects versions prior to 2.3; the vulnerable code resides in forms/panels.php, where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...
CVE-2015-5355
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php...
Saurus CMS 4.7.1 - Multiple Vulnerabilities
No description provided by source. waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1. Author: Janek Vind waraxe. Date: 14. July 2013. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-106.html...
Saurus CMS 4.7.1 Multiple Vulnerabilities
Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities. Saurus CMS 4.7.1 LFI / RFI / XSS / SQL Injection /...
CMSmini 0.2.2 Local File Inclusion
Exploit for php platform in category web applications. Exploit Title: CMSmini 0.2.2 Local File Inclusion. Date: 2011.10.20. Author: I2Sec5-BSK. Software Link: http://sourceforge.net/projects/cmsmini/. Version: CMSmini 0.2.2. Tested on: Windows XP...
CVE-2010-1997
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter...
Sql injection
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/booksearch.php, and possibly other components...
CVE-2008-0193
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...
CVE-2006-3063
The CVE-2006-3063 entry describes multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and prior to 2.0.1 RC5. The flaw allows remote attackers to inject arbitrary script or HTML via user-supplied content in specific parameters across multiple pages: (a) ind...