20 matches found
EUVD-2020-16123
Malware in sbrugna...
EUVD-2022-52374
Malicious code in bioql PyPI...
EUVD-2023-3226
Malicious code in bioql PyPI...
CVE-2024-36163 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-4337
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...
GHSA-PV3G-VC3Q-8C9G Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete...
GHSA-32J2-C7MX-V4JJ Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update...
CVE-2023-49446
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save...
CVE-2023-49448
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete...
PT-2023-31230 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in JFinalCMS. The vulnerability can be exploited via the "/admin/nav/save" API endpoint. Recommendations: For JFinalCMS version 5.0.0, as a temporary...
JFinalCMS security vulnerability
JFinalCMS is a content management system. A cross-site request forgery vulnerability exists in JFinalCMS version v5.0.0, which originates from the /admin/nav/update component that does not adequately validate whether a request is coming from a trusted user. An attacker can exploit this...
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin. 1. Install and activate WooCommerce dependency, no configuration...
CVE-2022-30513
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125...
CVE-2022-30513
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125...
CVE-2022-30513
The CVE-2022-30513 entry applies to School Dormitory Management System 1.0, which contains an authenticated cross-site scripting (XSS) vulnerability in admin/inc/navigation.php:125. The Nuclei template confirms an authenticated XSS via that file location, enabling an attacker with prior access to...
Exploit for Cross-site Scripting in School_Dormitory_Management_System_Project School_Dormitory_Management_System
CVE-2022-30514 School Dormitory Management System 1.0 - Refle...
Exploit for Cross-site Scripting in Home_Owners_Collection_Management_System_Project Home_Owners_Collection_Management_System
CVE-2022-28077 Home Owners Collection Management System 1.0 -...
CVE-2022-28036
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminajaxnavigation.php...
PT-2021-10895 · Nonecms · Nonecms
Name of the Vulnerable Software and Affected Versions: NoneCMS version 1.3 Description: The issue concerns a CSRF vulnerability in the public/index.php/admin/nav/add.html endpoint, where an attacker can inject arbitrary web script or HTML via the name parameter to launch a stored XSS attack...
NoneCMS cross-site request forgery vulnerability
NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites, personal blogs, and support mobile. A cross-site request forgery vulnerability exists in public/index.php/admin/nav/add.html in NoneCMS version 1.3. An attacker can use this...