CVE-2022-38358

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...

EUVD-2018-21583

Malware in sbrugna...

CVE-2024-46394

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/?/user/add...

CVE-2024-46394

FrogCMS v0.9.5 is affected by a CSRF vulnerability via /admin/?/user/add. CVE-2024-46394 impacts FrogCMS 0.9.5 with a root cause allowing unauthorized actions through cross-site requests. CVSS v3.1 scores indicate High impact: NVD lists 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with network attac...

CVE-2023-45906

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/user/add...

Dreamer CMS Cross-Site Request Forgery Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3. An attacker can exploit this vulnerability to conduct cross-site request forgery CSRF attacks via the component /admin/user/add...

PT-2023-29760 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: A Cross-Site Request Forgery CSRF issue was discovered in Dreamer CMS via the component /admin/user/add. This allows for unauthorized actions to be performed on behalf of an authenticated user...

CVE-2023-45906

Dreamer CMS 4.1.3 is affected by a CSRF in the /admin/user/add functionality. The root cause is a Cross-Site Request Forgery vulnerability that allows unauthorized actions to be performed on behalf of an authenticated user. The NVD entry confirms high impact (C/H/I/A) with CVSS 3.1 base score 8.8...

XXL-JOB vulnerable to Cross-site Scripting

XXL-JOB com.xuxueli:xxl-job versions 2.4.0 and earlier are vulnerable to cross-site scripting XSS. An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

HTML Injection

Overview com.xuxueli:xxl-job is a distributed task scheduling framework. Affected versions of this package are vulnerable to HTML Injection. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update. Details Cross-site scripting or XSS is a code...

CVE-2022-38358

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...

CVE-2020-7990

Adive Framework 2.0.8 has admin/user/add userName XSS...

CVE-2020-7990

Adive Framework 2.0.8 has admin/user/add userName XSS...

CVE-2020-7989

Adive Framework 2.0.8 has admin/user/add userUsername XSS...

Cross site scripting

Adive Framework 2.0.8 has admin/user/add userUsername XSS...

CVE-2020-7990

Adive Framework 2.0.8 has admin/user/add userName XSS...

Schben Adive Privilege Control Vulnerability

Schben Adive is a PHP-based web development framework . A security vulnerability exists in the Internal/Views/addUsers.php file in Schben Adive version 2.0.7. A remote attacker can exploit this vulnerability to create administrator privileges with admin/user/add...

CVE-2019-14347

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users editor or developer to create an administrator account via admin/user/add, as demonstrated by a Python PoC script...

PT-2019-13626 · Unknown · Schben Adive

Name of the Vulnerable Software and Affected Versions: Schben Adive version 2.0.7 Description: The issue allows remote unprivileged users, such as editors or developers, to create an administrator account. This can be achieved via the admin/user/add endpoint, as demonstrated by a Python...