1734 matches found
CVE-2024-45967
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget...
CVE-2023-26688
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
PT-2024-12109 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the product data parameter of add/edit product in the administration interface. This enables attackers to execu...
Dolibarr ERP/CRM Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr ERP/CRM Login Utility', 'Description' = %q This module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface, and should...
PT-2024-31262 · Unknown · Online Complaint Site
Name of the Vulnerable Software and Affected Versions: Online Complaint Site version 1.0 Description: The issue allows a remote attacker to escalate privileges via the username and password parameters in the "/admin.index.php" API endpoint. Recommendations: For Online Complaint Site version 1.0,...
CVE-2024-42774
An Incorrect Access Control vulnerability was found in /admin/deleteroom.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section...
Kashipara Hotel Management System security vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. An access control error vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an unauthenticated attacker to view valid hotel room information in the administrator interface...
GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour
ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...
Cisco Unified Communications Manager security vulnerability
Cisco Unified Communications Manager is a call processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists in Cisco Unified...
A vulnerability in the administration interface of the Fortinet FortiPortal security analysis and management tool allows an attacker to disclose protected information.
The vulnerability of the administration interface of the Fortinet FortiPortal security analysis and management tool involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to disclose sensitive information by sending specially crafted HTT...
A vulnerability in the administrative interface of the FortiADC application controller allows an attacker to gain write access to arbitrary files.
The vulnerability of the FortiADC application delivery controller’s administrative interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain write access to arbitrary files by sending specially crafted HTTP or HTTPS requests...
PT-2024-38591 · Unknown · Sourcecodester Simple Online Bidding System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0 Description: A critical vulnerability has been found in the software, affecting an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete product. Th...
CVE-2024-33533
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...
SteVe security vulnerability
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
CVE-2024-33533
Vulnerability summary (CVE-2024-33533) : In Zimbra Collaboration (ZCS) 9.0 and 10.0, the webmail admin interface is vulnerable to a reflected XSS due to inadequate input validation of the packages parameter. An authenticated attacker can upload a malicious JavaScript file and craft a URL with its...
FrogCms security vulnerability
FrogCMS is a lightweight PHP content management system. A cross-site request forgery vulnerability exists in FrogCms version v0.9.5, which stems from /admin/? /snippet/delete/3 not adequately verifying that the request is from a trusted user. The vulnerability can be exploited by an attacker to...
CVE-2024-34480
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/viewcategory.php id SQL Injection...
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem, which stems from the lack of necessary checks during password changes, allows attackers to gain access to the administration web interface.
The vulnerability of the Cisco Smart Software Manager On-Prem authentication system lies in the lack of necessary checks during password changes. Exploiting this vulnerability can allow a malicious actor to gain access to the administration web interface by sending specially crafted HTTP requests...