25 matches found
Afian FileRun 跨站脚本漏洞
Afian FileRun is a full-featured web-based file manager. Afian FileRun 2021.03.26 A cross-site scripting vulnerability can be exploited by an attacker to cause an administrator to encounter a crafted document while performing a preview or editing operation using an HTML editor...
CVE-2020-26564
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...
CVE-2011-5210
CVE-2011-5210 affects Limny 3.0.0, where a directory traversal is possible in admin/preview.php via the theme parameter (encoded ..%2F) to read arbitrary files. Multiple sources (NVD, OpenVAS) confirm the vulnerability and link to Limny 3.0.0 players; OpenVAS describes it as a global directory tr...
CVE-2011-5210
Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F encoded dot dot slash in the theme parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 body parameter to admin/preview...