Lucene search

24 matches found

Prion
added 2014/04/08 2:22 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2)...

CVSS: 4.3, AI score: 6.2, EPSS: 0.07722
Exploits: 1, References: 9, Affected Software: 1
Prion
added 2012/05/27 8:55 p.m., 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admincomments.php or (b) admin/adminlinks.php; or list parameter in a (3) move or (4) minimize action to (c)...

CVSS: 4.3, AI score: 6, EPSS: 0.00545
Exploits: 0, References: 8, Affected Software: 1
Exploit DB
added 2012/03/05 12:0 a.m., 28 views

11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection

source: https://www.securityfocus.com/bid/52306/info

11in1 CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the applicatio...

AI score: 7.4
Exploits: 0
CVE
added 2009/08/24 10:0 a.m., 43 views

CVE-2008-7039

CVE-2008-7039 concerns Gelato CMS 0.95, where an XSS flaw exists in admin/comments.php via the comment content parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML when processing a comment, per the NVD description. The linked connected records corroborate t...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00285
Exploits: 0, References: 4, Affected Software: 1