177 matches found
MantisBT XSS via move_attachments_page.php
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php), part of the admin tools, allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
Grav CMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools...
GHSA-977G-93F5-RQJX Grav CMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools...
CVE-2022-28074
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html/system/tools...
BlackCat CMS Cross-Site Scripting Vulnerability (CNVD-2021-52961)
BlackCat CMS is a PHP-based content management system from the BlackCat team. Version 1.3.6 of BlackCat CMS contains a cross-site scripting vulnerability that can be exploited by an authenticated attacker to execute arbitrary web scripts or HTML via a crafted payload entered with the...
CVE-2020-25878
A stored cross-site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules...
Cross-site scripting
A stored cross-site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules...
CVE-2020-25878
CVE-2020-25878 is a stored XSS vulnerability in BlackCat CMS 1.3.6 affecting the Admin-Tools feature. According to the provided sources, authenticated attackers can inject and trigger arbitrary web scripts or HTML through crafted payloads entered into the Output Filters and Droplets modules. The ...
BlackCat CMS Cross-Site Scripting Vulnerability
BlackCat CMS is a PHP-based content management system from the BlackCat team. Version 1.3.6 of BlackCat CMS contains a cross-site scripting vulnerability that can be exploited by an authenticated attacker to execute arbitrary web scripts or HTML via a crafted payload entered with the...
bloofoxCMS Path Traversal Vulnerability
bloofoxCMS is a free, open-source, PHP + MySQL based Web content management system. A directory traversal vulnerability exists in bloofoxCMS 0.5.2.1. An attacker can exploit this vulnerability by using the admin/index.php?mode=tools&page=upload URI to upload any .php file to ./media/images/...
CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...
UBUNTU-CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...
Cross-site Scripting (XSS)
Dolibarr is vulnerable to cross-site scripting (XSS). With the USER_LOGIN_FAILED setting, an attacker can inject arbitrary script in the admin tools -- audit page, possibly stealing the admin account...
Dolibarr ERP/CRM Admin Tools Cross-Site Scripting Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. Admin Tools is one of the management tools. A cross-site scripting...
CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
UBUNTU-CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
CVE-2020-11823
Dolibarr 10.0.6 is affected by a stored XSS vulnerability on the Admin Tools audit page when USER_LOGIN_FAILED is active. The issue could allow an attacker to steal the admin account; the specific root cause and vulnerable component are described at a high level in multiple sources, but no vendor...
CVE-2020-6218
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1 and 4.2, allow an attacker to access information that should otherwise be restricted, leading to Information Disclosure...
Information disclosure
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1 and 4.2, allow an attacker to access information that should otherwise be restricted, leading to Information Disclosure...