CVE-2020-11001

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...

CVE-2018-15748

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...

CVE-2017-9836

Cross-site scripting XSS vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtualname parameter to /admin.php i.e., creating a virtual album...

CVE-2019-14222

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...

CVE-2019-10687

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print= request...

CVE-2019-20139

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user...

CVE-2019-17577

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...

CVE-2019-9551

An issue was discovered in DOYO aka doyocms 2.3 through 2015-05-06. It has admin.php XSS...

CVE-2019-17578

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter...

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter...

CVE-2018-10031

CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...

CVE-2018-15198

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...

CVE-2018-17560

The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected...

CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with 1...

Credit Card Application Management System SQL Injection Vulnerability

Credit Card Application Management System is a credit card application management system. Credit Card Application Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file...

CVE-2025-48417

The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

PT-2025-22346 · Echarge Hardy Barth · Cph2 / Cpp2 Charging Stations

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns hard-coded TLS certificates and private keys in the firmware for the web interface, specifically on TCP port 443. An attacker can exploit this by using the private key to...

CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an...