1738 matches found
Cross site scripting
XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
CVE-2018-18215
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
PYSEC-2018-3
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission new in Django 2.1...
Collectric CMU 1.0 - lang SQL injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection; Google Dork: "Inloggning Collectric CMU"; Discoverer: Simon Brannstrom; Vendor Homepage: http://ourenergy.se/ ; Software Link: n/a; Version: All known versions; Tested on: Linux; CVE: N/A; About...
Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2019-03469)
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in the admin/index.php file in Monstra CMS version 3.0.4, which c...
Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability
Cisco Packaged Contact Center Enterprise is an omnichannel customer care solution. The product focuses on providing self-service Interactive Voice Response (IVR) and multi-channel automated call distribution. A cross-site scripting vulnerability exists in the web-based administration interface in...
Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability
Cisco Packaged Contact Center Enterprise is an omnichannel customer care solution. The product focuses on providing self-service Interactive Voice Response (IVR) and multi-channel automated call distribution. A cross-site request forgery vulnerability exists in the web-based administration interfac...
Arbitrary File Download Vulnerability in S-CMS School Building System
The S-CMS school site-building system is a specialized enterprise site-building product developed by Zibo Shining Network Technology Co., Ltd. There is an arbitrary file download vulnerability in the S-CMS school website system. The vulnerability is due to the background management...
CVE-2018-15529
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload...
EC-CUBE Payment Module and GMO-PG Payment Module Input Validation Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Japan. The platform supports product login, user evaluation, art layout, etc. EC-CUBE Payment Module and GMO-PG Payment Module are payment modules developed by Japan GMO Payment Gateway Company which are use...
Cross site request forgery (csrf)
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges...
bieberredangus.com XSS vulnerability
Open Bug Bounty ID: OBB-656763

Description| Value
---|---
Affected Website:| bieberredangus.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Shopify: App messaging can be hijacked by third-party websites
The JavaScript code at https://cdn.shopify.com/s/assets/admin/index-c6e72fa910cd0182ab1d1e67ff823fb2e6ca61745c00797769410ce01aafc4d8.js installs a message event listener to receive messages from installed apps when these apps are displayed in a frame. The following check rejects invalid event...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit
Summary: The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Vulnerability
Exploit for hardware platform in category web applications. Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit. Vendor: Microhard Systems Inc.; Product web page: http://www.microhardcorp.com ; Affected version: IPn4G 1.1.0 build 1098, IPn3Gb 2.2.0 build 2160, IPn4Gb 1.1.6...
CMS MaeloStore Cross-Site Scripting Vulnerability
CMS MaeloStore is a PHP and MySQL based Content Management System (CMS) for web publishing and product catalogs. A cross-site scripting vulnerability exists in the Telephone field of the admin interface in CMS MaeloStore version 1.5.0. A remote attacker can exploit this vulnerability to inject...
CVE-2018-12992
An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface...
Cross site scripting
An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface...