CVE-2021-40238

A Cross Site Scriptiong XSS vulnerability exists in the admin panel in Webuzo 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs"...

vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50941)

vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited to conduct cross-site scripting attacks via admincp/attachment.php&do=rebuild&type= URI...

Zen Cart 1.5.3 - Multiple Vulnerabilities

Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS Date: 09.07.14 Vendor: zen-cart.com Tested on: Apache 2.2 at Linux Contact: smashatdevilteam.pl 1 - CSRF - Delete admin GET profile stands for user id. localhost/zen/zen-cart-v1.5.3-07042014/admin123/profiles.php?action=delete&profile=2 - Reset layou...