Lucene search
74 matches found

Prion
added 2023/06/14 2:15 p.m., 10 views

Design/Logic Flaw

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...

5.8 CVSS, 5.9 AI score, 0.00117 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2023/04/04 12:0 a.m., 3 views

Online Computer and Laptop Store code issue vulnerability

Online Computer and Laptop Store is an online computer and laptop store application by individual developer Carlo Montero. Online Computer and Laptop Store v1.0 is vulnerable to arbitrary file uploads. The vulnerability stems from a lack of validation of uploaded files in the...

9.8 CVSS, 7.9 AI score, 0.03977 EPSS
Exploits: 4, References: 5

CNNVD
added 2023/03/17 12:0 a.m., 1 view

Meizhou Qingyunke QYKCMS code issue vulnerability

Meizhou Qingyunke QYKCMS (Qingyunke Website Management System) is a website management system from Meizhou Qingyunke Network Technology, a company in China. Meizhou Qingyunke QYKCMS version 4.3.0 has a code issue vulnerability. The vulnerability stems from the function downurl found in...

7.2 CVSS, 5.5 AI score, 0.00509 EPSS
Exploits: 1, References: 4

OSV
added 2023/03/03 8:15 a.m., 13 views

CVE-2023-1165

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used...

7.2 CVSS, 7.6 AI score
Exploits: 0, References: 3

Prion
added 2023/03/03 8:15 a.m., 15 views

Sql injection

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used...

5.2 CVSS, 7.3 AI score, 0.00426 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2023/01/01 8:15 a.m., 18 views

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.3 CVSS, 7.2 AI score
Exploits: 0, References: 2

CVE
added 2021/10/04 11:58 a.m., 140 views

CVE-2021-41878

CVE-2021-41878 affects i-Panel Administration System 2.0. A reflected cross-site scripting (XSS) flaw allows remote attackers to execute arbitrary JavaScript in the browser-based web console. PoCs show crafted URLs (e.g., /lostpassword.php/…) injecting script; multiple public writeups and exploit...

6.1 CVSS, 5.8 AI score, 0.15012 EPSS
Exploits: 4, References: 3, Affected Software: 1

Cvelist
added 2021/10/04 11:58 a.m., 14 views

CVE-2021-41878

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console, and it is possible to insert a vulnerable malicious button...

6 AI score, 0.15012 EPSS
Exploits: 4, References: 3

Cvelist
added 2021/08/15 5:32 p.m., 15 views

CVE-2021-38699

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/systemlogs...

5.5 AI score, 0.08885 EPSS
Exploits: 5, References: 6

Hacker One
added 2020/08/21 5:36 p.m., 14 views

Kartpay: Admin/Info leakage

The Administrator System was opened in public, which can be misused by anyone, so to avoid this a security system has been implemented to allow access from limited IP addresses only...

2 AI score
Exploits: 0

Prion
added 2020/05/15 5:15 p.m., 16 views

Design/Logic Flaw

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript...

4.3 CVSS, 6 AI score, 0.00319 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/05/15 4:53 p.m., 13 views

CVE-2020-12685

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript...

6.1 AI score, 0.00319 EPSS
Exploits: 0, References: 2

CNVD
added 2020/02/07 12:0 a.m., 2 views

Openfiler Cross-Site Scripting Vulnerability

Openfiler is an open source network storage solution. A cross-site scripting vulnerability exists in admin / system.html in Openfiler version 2.3, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help of the 'device' parameter...

6.1 CVSS, 6.1 AI score, 0.00495 EPSS
Exploits: 1, References: 1

Prion
added 2019/11/29 6:15 p.m., 14 views

Design/Logic Flaw

The admin sys mode is now conditional and dedicated for the special case. By default, since email protected no instance container is launched with advanced capabilities not launched as root...

9 CVSS, 7 AI score, 0.00285 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2019/11/20 7:15 p.m., 15 views

Cross site scripting

Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-adminsystem.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-renamepage.php...

4.3 CVSS, 6.5 AI score, 0.00313 EPSS
Exploits: 2, References: 1, Affected Software: 1

CNVD
added 2019/03/11 12:0 a.m., 2 views

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2019-07930)

YzmCMS is an open source CMS Content Management System by Yuan Zhimeng programmers in China. A cross-site scripting vulnerability exists in YzmCMS version 5.2. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of the 'configuration value'...

4.8 CVSS, 6.1 AI score, 0.00235 EPSS
Exploits: 1, References: 1

OSV
added 2019/03/05 2:29 p.m., 1 view

CVE-2019-9570

An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/systemmanage/save.html URI, related to the sitecode parameter...

4.8 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 1, References: 1

Prion
added 2019/03/05 2:29 p.m., 13 views

Code injection

An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/systemmanage/save.html URI, related to the sitecode parameter...

3.5 CVSS, 4.8 AI score, 0.00235 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2019/01/04 2:29 p.m., 2 views

CVE-2019-5310

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

6.1 CVSS, 6.4 AI score, 0.0024 EPSS
Exploits: 1, References: 1

Prion
added 2019/01/04 2:29 p.m., 21 views

Cross site request forgery (csrf)

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

4.3 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits: 1, References: 1, Affected Software: 1