109 matches found
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
GHSA-46V4-5MC8-Q2CF GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input, which is rendered when the security log page is viewed...
Cross-site Scripting (XSS)
Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input,...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
PT-2025-39177
Name of the Vulnerable Software and Affected Versions S-Cart versions prior to 10.0.4 Description A stored cross-site scripting XSS issue exists in the Admin Log Viewer component. A remote, authenticated attacker can inject arbitrary web script or HTML through a manipulated User-Agent header. Whe...
CVE-2025-57407
This CVE affects s-cart components (notably s-cart/core and gp247/core) and the Admin Log Viewer, where a stored XSS flaw allows a remote authenticated attacker to inject arbitrary script via a crafted User-Agent header. The vulnerability arises from improper handling/sanitization of User-Agent d...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...
Linux Distros Unpatched Vulnerability : CVE-2020-14320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. CVE-2020-14320 Note that...
CVE-2024-21515
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...
CVE-2023-23721
Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
CVE-2025-3531
A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The explo...
CVE-2024-13922 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...
bootplus 安全漏洞
bootplus is a permission management framework by JoeyBling Personal Developer. A security vulnerability exists in bootplus, which stems from the parameter logId in the file /admin/sys/log/list that can lead to SQL injection...
PT-2024-17383 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper input handling in the 'Host Header', allowing an unauthenticated attacker to store a payload in web application logs. When a...
Decidim 跨站脚本漏洞
Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.6 and earlier and 0.28.1 and earlier, which stems from a cross-site scripting attack in the administrator panel if an...
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...