EUVD-2026-17363

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVE-2021-20750

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 EC-CUBE 3 series and EC-CUBE 4.0.0 to 4.0.5-p1 EC-CUBE 4 series allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices to develop and implement policies to monitor the network. A cross-site scripting vulnerability exists in th...

XYHCMS_V3-20170614 CSRF and File Upload Vulnerabilities in the Backend

Xing Yunhai CMS XYHcms is a completely open source CMS content management system. XYHCMSV3-20170614 CSRF and file upload vulnerability exists in the background. Attackers can use this vulnerability to lure administrators to click on specially crafted links to further Getshell and gain control of...

CSRF Vulnerability in Ocean CMS V6.48

Ocean Movie System aka Ocean CMS seacms is a PHP movie system. There is a CSRF vulnerability in the back-end SQL execution form of Ocean CMS, which can be exploited by attackers to trick administrators into clicking on malicious links to execute SQL statements and write webshell to gain server...