1734 matches found
Cross-site Scripting in Netgen Tags Bundle
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
CVE-2021-45895
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
CVE-2021-45895
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
CVE-2021-45895
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
Cross site scripting
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
Keycloak: Incorrect authorization allows unpriviledged users to create other users
A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...
SEO Booster < 3.8 - Admin+ SQL Injection
The plugin allows for authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request as the $REQUEST'order'0'dir' parameter is not properly escaped leading to blind and error-based SQL injections. Install SEO Booster, then click on the "Incoming Keywords" link in the Wordpress...
Ec-cube 跨站请求伪造漏洞
EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...
EC-CUBE 安全漏洞
EC-CUBE is an open source system for creating shopping websites. EC-CUBE version 2.11.2 - 2.17.1 contains an improper access control vulnerability in the administration interface. An attacker could use this vulnerability to change system settings without proper privileges...
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution...
VulnCheck KEV: CVE-2020-5849
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...
Cisco Unified Communications Manager 跨站请求伪造漏洞
Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. The component provides a scalable, distributable, and highly available enterprise IP telephony call processing solution.A cross-site request forgery vulnerability exists in Cisco Unified...
Cisco Prime Access Registrar 跨站脚本漏洞
Cisco Prime Access Registrar Cpar is a 3gpp-compliant Aaa server software from Cisco USA. It is used to provide scalability. Cisco Prime Access Registrar suffers from a cross-site scripting vulnerability that stems from the web's administrative interface not adequately validating user-supplied...
UBUNTU-CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
MyBB 跨站脚本漏洞
MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. MyBB has a cross-site scripting vulnerability in versions prior to 1.8.28, which stems from the lack of proper validation of client-side data in the template name displayed in the theme management of the WEB...
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
Cross site request forgery (csrf)
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
CommScope Arris Surfboard Sb8200 跨站请求伪造漏洞
The CommScope Arris Surfboard Sb8200 is a Docsis 3.1 modem from CommScope USA. The Arris Surfboard SB8200 suffers from a security vulnerability that stems from the lack of any protection against cross-site request forgery attacks in the software's administrative web interface. This means that an...
Cisco Tetration 跨站脚本漏洞
Cisco Tetration is a hybrid cloud workload protection from Cisco USA. A cross-site scripting vulnerability exists in Cisco Tetration, which stems from the program's administrative interface not adequately validating user-supplied input. An attacker could exploit the vulnerability by injecting...
UBUNTU-CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...