93 matches found
Campcodes Advanced Online Voting System 跨站脚本漏洞
Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...
Upgraded Q -> M from 270 [1657580410834]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
HTMLy 跨站脚本漏洞
HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in HTMLy 2.8.1 that could lead to cross-site scripting via the copyright field in the /admin/config page...
CVE-2022-23878
seacms V11.5 is affected by an arbitrary code execution vulnerability in adminconfig.php...
CVE-2020-21506
waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php?m=Config&a=add...
Cross site scripting
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
HTMLy 跨站脚本漏洞
HTMLy is a PHP-based open source blogging platform. A cross-site scripting vulnerability exists in htmly version 2.8.1, which can be exploited by remote attackers to send an authenticated post request to admin/config and inject arbitrary web script or HTML...
CVE-2020-4039
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...
CVE-2020-4039
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...
Directory traversal
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...
CVE-2020-4039 Directory Traversal Vulnerability in SUSI.AI Server
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...
CVE-2020-4039
CVE-2020-4039 affects SUSI.AI Server prior to version d27ed0f, with a directory traversal flaw caused by insufficient input validation. An attacker can read any admin config and files readable by the app, and may also move or delete certain files. The issue originates from how untrusted input is ...
Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities
Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.1. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Planning Analytics. These issues were disclosed as part of the IBM Java SDK...
DEBIAN-CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...
CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...
CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...
Hardcoded credentials
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...