245 matches found
CVE-2018-10118
Monstra CMS 3.0.4 is affected by a Stored XSS in the Name field on the Create New Page screen (admin/index.php?id=pages), related to plugins/box/pages/pages.admin.php. This CVE details the vulnerable component path and the input point that leads to script execution. The connected data confirms th...
afmec.org XSS vulnerability
Open Bug Bounty ID: OBB-600205

Description| Value
---|---
Affected Website:| afmec.org
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-6550
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php...
Design/Logic Flaw
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php...
CVE-2017-17645
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...
CVE-2017-17645
CVE-2017-17645 affects Bus Booking Script 1.0. The vulnerability is a SQL Injection via the txtname parameter in admin/index.php, caused by unsanitized input in a PHP/MySQL-based web app. Public references (NVD, CNVD, CVE records) describe SQL injection as the issue, with in-the-wild PoCs/exploit...
SQL injection
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account...
CVE-2017-9759
The vulnerability is a SQL Injection in the open-source CMS Zenbership version 1.0.8, located in the admin/index.php handling the filters array parameter. The issue is exploitable by a privileged account, as described in CVE-2017-9759. The connected sources consistently report this exact flaw but...
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
Design/Logic Flaw
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
Design/Logic Flaw
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack...
CVE-2017-7361
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack...
Design/Logic Flaw
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack...
CVE-2017-7363
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack...
CVE-2017-7359
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack...
CVE-2017-7360
CVE-2017-7360 affects Pixie 1.0.4. The connected documents identify a cross-site scripting vulnerability in the admin interface, specifically in the admin/index.php s=settings&x= parameter, indicating insufficient input validation in the settings handling path. The impact is an XSS where an attac...
CVE-2017-7361
Pixie 1.0.4 is affected by a cross-site scripting (XSS) vulnerability exposed via admin/index.php s=publish&m=static&x=. The CNVD entry states Pixie 1.0.4 contains a cross-site scripting flaw due to improper validation of user-submitted input, allowing a remote attacker to inject arbitrary web sc...
CVE-2017-7359
Pixie 1.0.4 contains a cross-site scripting (XSS) vulnerability in the CMS, described as an XSS in Pixie 1.0.4 via admin/index.php s=login&m=. Root cause: improper input validation/handling. Impact per sources indicates potential script injection; exploitation status is not provided in the docume...
CVE-2012-4901
Template CMS (version 2.1.1 and earlier) is affected by a Cross‑Site Scripting (CWE-79) vulnerability in the themes_editor parameter passed to admin/index.php during add_template, enabling remote injection of arbitrary HTML/JS. Public advisories (HTB23115) describe the issue and note CSRF concern...