1734 matches found
CVE-2020-10411
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/email-harvester.php by adding a question mark ? followed by the payload...
CVE-2020-21244
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/instlang.php...
CVE-2020-20971
Cross Site Request Forgery CSRF vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...
CVE-2020-18999
Cross Site Scripting XSS in Blogmini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'...
CVE-2020-11001
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...
CVE-2018-15748
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...
CVE-2017-9836
Cross-site scripting XSS vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtualname parameter to /admin.php i.e., creating a virtual album...
CVE-2019-14222
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...
CVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print= request...
CVE-2019-20139
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user...
CVE-2019-17577
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...
CVE-2019-9551
An issue was discovered in DOYO aka doyocms 2.3 through 2015-05-06. It has admin.php XSS...
CVE-2019-17578
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...
CVE-2018-5074
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter...
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...
CVE-2018-5076
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter...
CVE-2018-10031
CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...
CVE-2018-15198
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...
CVE-2018-17560
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected...
CVE-2005-4856
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with 1...