49 matches found
CVE-2022-26246
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate...
CVE-2020-21495
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...
CVE-2020-21496
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter...
CVE-2021-29056
A cross-site scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php...
Pixelimity Cross-Site Request Forgery Vulnerability
Pixelimity is a PHP-based open source CMS (Content Management System). A cross-site request forgery vulnerability exists in Pixelimity version 1.0, which originates from the admin/setting.php data Password parameter. No details of the vulnerability are available at this time...
Cross-site request forgery (CSRF)
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data Password parameter...
CVE-2012-1932
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the settingadminemail parameter to admin/setting...
CVE-2019-8910
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=sitepost CSRF...
JPress Cross-Site Scripting Vulnerability
JPress is a blogging platform developed in Java. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...
CVE-2018-18430
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Design/Logic Flaw
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Cross-site scripting
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=siteattachment attachmenturl parameter...
CVE-2018-18210
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=siteattachment attachmenturl parameter...
POSCMS 'index' function arbitrary code execution vulnerability
POSCMS (PhpOpenSourceCMS) is a PHP and MySQL based, open source, cross-platform web content management system (CMS). A security vulnerability exists in POSCMS version 3.2.10. An attacker can exploit the vulnerability by writing code to the api/ucsso/config.php file with the help of the 'index' functi...
Code injection
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Membermodel.php and write this code into the...
CVE-2018-10235
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Membermodel.php and write this code into the...
PHP Scripts Mall Professional Service Script Cross-Site Request Forgery Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site request forgery vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability to conduct cross-site request...
WordPress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin image-gallery-with-slideshow. A remote attacker can exploit the...