320 matches found
CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...
CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...
CVE-2023-38330
OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack...
Sql injection
SQL Injection vulnerability in Future-Depth Institutional Management Website IMS 1.0, allows attackers to execute arbitrary commands via the ad parameter to /adminarea/logintransfer.php...
01ACP 跨站脚本漏洞
01ACP is a central administration area for all modules of 01-Scripts.de by Michael Individual Developer. A cross-site scripting vulnerability exists in 01-Scripts 01ACP, which stems from unknown processing, where manipulating some of the parameters can lead to cross-site scripting...
FlatPress Cross-Site Scripting Vulnerability (CNVD-2023-06527)
FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...
CVE-2022-4820
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...
Cross site scripting
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...
CVE-2022-4820 FlatPress Admin Area admin.entry.list.php cross site scripting
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...
CVE-2022-4820 FlatPress Admin Area admin.entry.list.php cross site scripting
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...
FlatPress 跨站脚本漏洞
FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...
PT-2022-28122 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress affected versions not specified Description: A problematic vulnerability has been found in FlatPress, affecting an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads ...
FlatPress < 1.3 Multiple Vulnerabilities
FlatPress is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-CW2V-WV4G-W4P6 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery CSRF. An attacker exploiting this vulnerability can use it to delete repositories and users...
Cross Site Request Forgery in Admin area leads to deletion of repositories and users
Description Server accepts the GET request for deleting repositories and users which can lead to CSRF attack on repositories'. Proof of Concept Open the below URL after logging in to the admin account in demo site. For deleting Repository : Replace "replace-here" with a repo name...
Bluecms has an unspecified vulnerability (CNVD-2022-59211)
BlueCMS is a content management system CMS based on PHP and MySQL. a security vulnerability exists in BlueCMS version 1.6, which stems from an SQL injection in line 132 of admin/area.php. No details of the vulnerability are currently available...
CVE-2022-37113
Bluecms 1.6 has SQL injection in line 132 of admin/area.php...
CVE-2022-37113
Bluecms 1.6 has SQL injection in line 132 of admin/area.php...
CVE-2022-37113
Bluecms 1.6 has SQL injection in line 132 of admin/area.php...
CVE-2022-37113
Bluecms 1.6 has SQL injection in line 132 of admin/area.php...